CVE-2019-19772

Published: Mar 6, 2020Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

Affected (80)

Products: Lexmark: Cs31x Firmware, Cs41x Firmware, Cs51x Firmware, Cx310 Firmware, Cx410 Firmware, Xc2130 Firmware, Cx510 Firmware, Xc2132 Firmware, Ms310 Firmware, Ms312 Firmware, Ms317 Firmware, Ms410 Firmware, M1140 Firmware, Ms315 Firmware, Ms415 Firmware, Ms417 Firmware, Ms51x Firmware, Ms610dn Firmware, Ms617 Firmware, M1145 Firmware, M3150dn Firmware, Ms610de Firmware, M3150 Firmware, Ms71x Firmware, M5163dn Firmware, Ms810 Firmware, Ms811 Firmware, Ms812 Firmware, Ms817 Firmware, Ms818 Firmware, Ms810de Firmware, M5155 Firmware, M5163 Firmware, Ms812de Firmware, M5170 Firmware, Ms91x Firmware, Mx31x Firmware, Xm1135 Firmware, Mx410 Firmware, Mx510 Firmware, Mx511 Firmware, Xm1140 Firmware, Xm1145 Firmware, Mx610 Firmware, Mx611 Firmware, Xm3150 Firmware, Mx71x Firmware, Mx81x Firmware, Xm51xx Firmware, Xm71xx Firmware, Mx91x Firmware, Xm91x Firmware, Mx6500e Firmware, C746 Firmware, C748 Firmware, Cs748 Firmware, C792 Firmware, Cs796 Firmware, C925 Firmware, C950 Firmware, X548 Firmware, Xs548 Firmware, X74x Firmware, Xs748 Firmware, X792 Firmware, Xs79x Firmware, X925 Firmware, Xs925 Firmware, X95x Firmware, Xs95x Firmware, 6500e Firmware, C734 Firmware, C736 Firmware, E46x Firmware, T65x Firmware, X46x Firmware, X65x Firmware, X73x Firmware, W850 Firmware, X86x Firmware

80 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs31x Firmware	Up to lw74.vyl.p267

Running on/with	Platform Versions
Lexmark Cs31x	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs41x Firmware	Up to lw74.vy2.p267

Running on/with	Platform Versions
Lexmark Cs41x	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs51x Firmware	Up to lw74.vy4.p267

Running on/with	Platform Versions
Lexmark Cs51x	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx310 Firmware	Up to lw74.gm2.p267

Running on/with	Platform Versions
Lexmark Cx310	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx410 Firmware	Up to lw74.gm4.p267

Running on/with	Platform Versions
Lexmark Cx410	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xc2130 Firmware	Up to lw74.gm4.p267

Running on/with	Platform Versions
Lexmark Xc2130	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx510 Firmware	Up to lw74.gm7.p267

Running on/with	Platform Versions
Lexmark Cx510	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xc2132 Firmware	Up to lw74.gm7.p267

Running on/with	Platform Versions
Lexmark Xc2132	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms310 Firmware	Up to lw74.prl.p267

Running on/with	Platform Versions
Lexmark Ms310	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms312 Firmware	Up to lw74.prl.p267

Running on/with	Platform Versions
Lexmark Ms312	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms317 Firmware	Up to lw74.prl.p267

Running on/with	Platform Versions
Lexmark Ms317	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms410 Firmware	Up to lw74.prl.p267

Running on/with	Platform Versions
Lexmark Ms410	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M1140 Firmware	Up to lw74.prl.p267

Running on/with	Platform Versions
Lexmark M1140	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms315 Firmware	Up to lw74.tl2.p267

Running on/with	Platform Versions
Lexmark Ms315	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms415 Firmware	Up to lw74.tl2.p267

Running on/with	Platform Versions
Lexmark Ms415	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms417 Firmware	Up to lw74.tl2.p267

Running on/with	Platform Versions
Lexmark Ms417	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms51x Firmware	Up to lw74.pr2.p267

Running on/with	Platform Versions
Lexmark Ms51x	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms610dn Firmware	Up to lw74.pr2.p267

Running on/with	Platform Versions
Lexmark Ms610dn	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms617 Firmware	Up to lw74.pr2.p267

Running on/with	Platform Versions
Lexmark Ms617	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M1145 Firmware	Up to lw74.pr2.p267

Running on/with	Platform Versions
Lexmark M1145	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M3150dn Firmware	Up to lw74.pr2.p267

Running on/with	Platform Versions
Lexmark M3150dn	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms610de Firmware	Up to lw74.pr4.p267

Running on/with	Platform Versions
Lexmark Ms610de	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M3150 Firmware	Up to lw74.pr4.p267

Running on/with	Platform Versions
Lexmark M3150	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms71x Firmware	Up to lw74.dn2.p267

Running on/with	Platform Versions
Lexmark Ms71x	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5163dn Firmware	Up to lw74.dn2.p267

Running on/with	Platform Versions
Lexmark M5163dn	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms810 Firmware	Up to lw74.dn2.p267

Running on/with	Platform Versions
Lexmark Ms810	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms811 Firmware	Up to lw74.dn2.p267

Running on/with	Platform Versions
Lexmark Ms811	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms812 Firmware	Up to lw74.dn2.p267

Running on/with	Platform Versions
Lexmark Ms812	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms817 Firmware	Up to lw74.dn2.p267

Running on/with	Platform Versions
Lexmark Ms817	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms818 Firmware	Up to lw74.dn2.p267

Running on/with	Platform Versions
Lexmark Ms818	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms810de Firmware	Up to lw74.dn4.p267

Running on/with	Platform Versions
Lexmark Ms810de	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5155 Firmware	Up to lw74.dn4.p267

Running on/with	Platform Versions
Lexmark M5155	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5163 Firmware	Up to lw74.dn4.p267

Running on/with	Platform Versions
Lexmark M5163	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms812de Firmware	Up to lw74.dn7.p267

Running on/with	Platform Versions
Lexmark Ms812de	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5170 Firmware	Up to lw74.dn7.p267

Running on/with	Platform Versions
Lexmark M5170	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms91x Firmware	Up to lw74.sa.p267

Running on/with	Platform Versions
Lexmark Ms91x	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx31x Firmware	Up to lw74.sb2.p267

Running on/with	Platform Versions
Lexmark Mx31x	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm1135 Firmware	Up to lw74.sb2.p267

Running on/with	Platform Versions
Lexmark Xm1135	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx410 Firmware	Up to lw74.sb4.p267

Running on/with	Platform Versions
Lexmark Mx410	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx510 Firmware	Up to lw74.sb4.p267

Running on/with	Platform Versions
Lexmark Mx510	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx511 Firmware	Up to lw74.sb4.p267

Running on/with	Platform Versions
Lexmark Mx511	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm1140 Firmware	Up to lw74.sb4.p267

Running on/with	Platform Versions
Lexmark Xm1140	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm1145 Firmware	Up to lw74.sb4.p267

Running on/with	Platform Versions
Lexmark Xm1145	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx610 Firmware	Up to lw74.sb7.p267

Running on/with	Platform Versions
Lexmark Mx610	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx611 Firmware	Up to lw74.sb7.p267

Running on/with	Platform Versions
Lexmark Mx611	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm3150 Firmware	Up to lw74.sb7.p267

Running on/with	Platform Versions
Lexmark Xm3150	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx71x Firmware	Up to lw74.tu.p267

Running on/with	Platform Versions
Lexmark Mx71x	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx81x Firmware	Up to lw74.tu.p267

Running on/with	Platform Versions
Lexmark Mx81x	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm51xx Firmware	Up to lw74.tu.p267

Running on/with	Platform Versions
Lexmark Xm51xx	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm71xx Firmware	Up to lw74.tu.p267

Running on/with	Platform Versions
Lexmark Xm71xx	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx91x Firmware	Up to lw74.mg.p267

Running on/with	Platform Versions
Lexmark Mx91x	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm91x Firmware	Up to lw74.mg.p267

Running on/with	Platform Versions
Lexmark Xm91x	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx6500e Firmware	Up to lw74.jd.p267

Running on/with	Platform Versions
Lexmark Mx6500e	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C746 Firmware	Up to lhs60.cm2.p731

Running on/with	Platform Versions
Lexmark C746	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C748 Firmware	Up to lhs60.cm4.p735

Running on/with	Platform Versions
Lexmark C748	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs748 Firmware	Up to lhs60.cm4.p735

Running on/with	Platform Versions
Lexmark Cs748	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C792 Firmware	Up to lhs60.hc.p735

Running on/with	Platform Versions
Lexmark C792	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs796 Firmware	Up to lhs60.hc.p735

Running on/with	Platform Versions
Lexmark Cs796	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C925 Firmware	Up to lhs60.hv.p735

Running on/with	Platform Versions
Lexmark C925	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C950 Firmware	Up to lhs60.tp.p735

Running on/with	Platform Versions
Lexmark C950	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X548 Firmware	Up to lhs60.vk.p735

Running on/with	Platform Versions
Lexmark X548	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs548 Firmware	Up to lhs60.vk.p735

Running on/with	Platform Versions
Lexmark Xs548	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X74x Firmware	Up to lhs60.ny.p735

Running on/with	Platform Versions
Lexmark X74x	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs748 Firmware	Up to lhs60.ny.p735

Running on/with	Platform Versions
Lexmark Xs748	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X792 Firmware	Up to lhs60.mr.p735

Running on/with	Platform Versions
Lexmark X792	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs79x Firmware	Up to lhs60.mr.p735

Running on/with	Platform Versions
Lexmark Xs79x	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X925 Firmware	Up to lhs60.hk.p735

Running on/with	Platform Versions
Lexmark X925	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs925 Firmware	Up to lhs60.hk.p735

Running on/with	Platform Versions
Lexmark Xs925	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X95x Firmware	Up to lhs60.tq.p735

Running on/with	Platform Versions
Lexmark X95x	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs95x Firmware	Up to lhs60.tq.p735

Running on/with	Platform Versions
Lexmark Xs95x	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark 6500e Firmware	Up to lhs60.jr.p735

Running on/with	Platform Versions
Lexmark 6500e	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C734 Firmware	Up to lr.sk.p822

Running on/with	Platform Versions
Lexmark C734	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C736 Firmware	Up to lr.ske.p822

Running on/with	Platform Versions
Lexmark C736	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark E46x Firmware	Up to lr.lbh.p822

Running on/with	Platform Versions
Lexmark E46x	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark T65x Firmware	Up to lr.jp.p822

Running on/with	Platform Versions
Lexmark T65x	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X46x Firmware	Up to lr.bs.p822

Running on/with	Platform Versions
Lexmark X46x	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X65x Firmware	Up to lr.mn.p822

Running on/with	Platform Versions
Lexmark X65x	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X73x Firmware	Up to lr.fl.p822

Running on/with	Platform Versions
Lexmark X73x	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark W850 Firmware	Up to lp.jb.p821

Running on/with	Platform Versions
Lexmark W850	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X86x Firmware	Up to lp.sp.p821

Running on/with	Platform Versions
Lexmark X86x	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US

Source: cve@mitre.org

Vendor Advisory

http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.