Sign-up

ID

VAR-202003-0910


CVE

CVE-2019-19772


TITLE

plural Lexmark Cross-site scripting vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-014798

DESCRIPTION

Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. plural Lexmark The product contains a cross-site scripting vulnerability.Information may be obtained and tampered with. Lexmark CS31x, etc. are all printers of Lexmark Corporation. The vulnerability stems from the lack of proper verification of client data by WEB applications. An attacker can use this vulnerability to execute client code

Trust: 2.16

sources: NVD: CVE-2019-19772 // JVNDB: JVNDB-2019-014798 // CNVD: CNVD-2020-19525

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-19525

AFFECTED PRODUCTS

vendor:lexmarkmodel:ms610dnscope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:c950scope:lteversion:lhs60.tp.p735

Trust: 1.0

vendor:lexmarkmodel:x548scope:lteversion:lhs60.vk.p735

Trust: 1.0

vendor:lexmarkmodel:ms810scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:ms410scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:mx511scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:x65xscope:lteversion:lr.mn.p822

Trust: 1.0

vendor:lexmarkmodel:xm91xscope:lteversion:lw74.mg.p267

Trust: 1.0

vendor:lexmarkmodel:6500escope:lteversion:lhs60.jr.p735

Trust: 1.0

vendor:lexmarkmodel:cs51xscope:lteversion:lw74.vy4.p267

Trust: 1.0

vendor:lexmarkmodel:cs796scope:lteversion:lhs60.hc.p735

Trust: 1.0

vendor:lexmarkmodel:mx410scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:mx610scope:lteversion:lw74.sb7.p267

Trust: 1.0

vendor:lexmarkmodel:cs748scope:lteversion:lhs60.cm4.p735

Trust: 1.0

vendor:lexmarkmodel:cs31xscope:lteversion:lw74.vyl.p267

Trust: 1.0

vendor:lexmarkmodel:c734scope:lteversion:lr.sk.p822

Trust: 1.0

vendor:lexmarkmodel:t65xscope:lteversion:lr.jp.p822

Trust: 1.0

vendor:lexmarkmodel:ms812descope:lteversion:lw74.dn7.p267

Trust: 1.0

vendor:lexmarkmodel:mx91xscope:lteversion:lw74.mg.p267

Trust: 1.0

vendor:lexmarkmodel:e46xscope:lteversion:lr.lbh.p822

Trust: 1.0

vendor:lexmarkmodel:xc2130scope:lteversion:lw74.gm4.p267

Trust: 1.0

vendor:lexmarkmodel:xm71xxscope:lteversion:lw74.tu.p267

Trust: 1.0

vendor:lexmarkmodel:ms71xscope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:m5155scope:lteversion:lw74.dn4.p267

Trust: 1.0

vendor:lexmarkmodel:x95xscope:lteversion:lhs60.tq.p735

Trust: 1.0

vendor:lexmarkmodel:xm3150scope:lteversion:lw74.sb7.p267

Trust: 1.0

vendor:lexmarkmodel:ms810descope:lteversion:lw74.dn4.p267

Trust: 1.0

vendor:lexmarkmodel:ms317scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:ms315scope:lteversion:lw74.tl2.p267

Trust: 1.0

vendor:lexmarkmodel:ms417scope:lteversion:lw74.tl2.p267

Trust: 1.0

vendor:lexmarkmodel:mx31xscope:lteversion:lw74.sb2.p267

Trust: 1.0

vendor:lexmarkmodel:xs95xscope:lteversion:lhs60.tq.p735

Trust: 1.0

vendor:lexmarkmodel:ms812scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:x74xscope:lteversion:lhs60.ny.p735

Trust: 1.0

vendor:lexmarkmodel:xs79xscope:lteversion:lhs60.mr.p735

Trust: 1.0

vendor:lexmarkmodel:m1140scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:ms617scope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:c748scope:lteversion:lhs60.cm4.p735

Trust: 1.0

vendor:lexmarkmodel:xm1145scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:xc2132scope:lteversion:lw74.gm7.p267

Trust: 1.0

vendor:lexmarkmodel:ms312scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:m5170scope:lteversion:lw74.dn7.p267

Trust: 1.0

vendor:lexmarkmodel:cx510scope:lteversion:lw74.gm7.p267

Trust: 1.0

vendor:lexmarkmodel:xm1135scope:lteversion:lw74.sb2.p267

Trust: 1.0

vendor:lexmarkmodel:c792scope:lteversion:lhs60.hc.p735

Trust: 1.0

vendor:lexmarkmodel:x792scope:lteversion:lhs60.mr.p735

Trust: 1.0

vendor:lexmarkmodel:c736scope:lteversion:lr.ske.p822

Trust: 1.0

vendor:lexmarkmodel:x86xscope:lteversion:lp.sp.p821

Trust: 1.0

vendor:lexmarkmodel:ms91xscope:lteversion:lw74.sa.p267

Trust: 1.0

vendor:lexmarkmodel:ms811scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:x46xscope:lteversion:lr.bs.p822

Trust: 1.0

vendor:lexmarkmodel:cx410scope:lteversion:lw74.gm4.p267

Trust: 1.0

vendor:lexmarkmodel:ms817scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:xs748scope:lteversion:lhs60.ny.p735

Trust: 1.0

vendor:lexmarkmodel:x73xscope:lteversion:lr.fl.p822

Trust: 1.0

vendor:lexmarkmodel:ms610descope:lteversion:lw74.pr4.p267

Trust: 1.0

vendor:lexmarkmodel:mx71xscope:lteversion:lw74.tu.p267

Trust: 1.0

vendor:lexmarkmodel:ms818scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:m3150scope:lteversion:lw74.pr4.p267

Trust: 1.0

vendor:lexmarkmodel:ms51xscope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:ms415scope:lteversion:lw74.tl2.p267

Trust: 1.0

vendor:lexmarkmodel:c925scope:lteversion:lhs60.hv.p735

Trust: 1.0

vendor:lexmarkmodel:cx310scope:lteversion:lw74.gm2.p267

Trust: 1.0

vendor:lexmarkmodel:xs925scope:lteversion:lhs60.hk.p735

Trust: 1.0

vendor:lexmarkmodel:xm1140scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:w850scope:lteversion:lp.jb.p821

Trust: 1.0

vendor:lexmarkmodel:xs548scope:lteversion:lhs60.vk.p735

Trust: 1.0

vendor:lexmarkmodel:c746scope:lteversion:lhs60.cm2.p731

Trust: 1.0

vendor:lexmarkmodel:ms310scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:xm51xxscope:lteversion:lw74.tu.p267

Trust: 1.0

vendor:lexmarkmodel:cs41xscope:lteversion:lw74.vy2.p267

Trust: 1.0

vendor:lexmarkmodel:m3150dnscope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:mx510scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:m5163scope:lteversion:lw74.dn4.p267

Trust: 1.0

vendor:lexmarkmodel:m1145scope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:mx6500escope:lteversion:lw74.jd.p267

Trust: 1.0

vendor:lexmarkmodel:x925scope:lteversion:lhs60.hk.p735

Trust: 1.0

vendor:lexmarkmodel:m5163dnscope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:mx81xscope:lteversion:lw74.tu.p267

Trust: 1.0

vendor:lexmarkmodel:mx611scope:lteversion:lw74.sb7.p267

Trust: 1.0

vendor:lexmarkmodel:cs31xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs41xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs51xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx410scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms312scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx51xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx61xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:xc2130scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs31x <=lw74.vyl.p267scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cs41x <=lw74.vy2.p267scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cs51x <=lw74.vy4.p267scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cx310 <=lw74.gm2.p267scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:c925 <=lhs60.hv.p735scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:c950 <=lhs60.tp.p735scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:6500e <=lhs60.jr.p735scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:c734 <=lr.sk.p822scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:c736 <=lr.ske.p822scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:t65x <=lr.jp.p822scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:e46x <=lr.lbh.p822scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cs41xscope:eqversion:lw71.vy2.p228

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion: -

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p228

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p229

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p230

Trust: 0.6

vendor:lexmarkmodel:cs41xscope:eqversion:lw71.vy2.p229

Trust: 0.6

vendor:lexmarkmodel:cs41xscope:eqversion:lw71.vy2.p230

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p233

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p234

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p231

Trust: 0.6

sources: CNVD: CNVD-2020-19525 // JVNDB: JVNDB-2019-014798 // CNNVD: CNNVD-202003-253 // NVD: CVE-2019-19772

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19772
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014798
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-19525
value: LOW

Trust: 0.6

CNNVD: CNNVD-202003-253
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-19772
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014798
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19525
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19772
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014798
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-19525 // JVNDB: JVNDB-2019-014798 // CNNVD: CNNVD-202003-253 // NVD: CVE-2019-19772

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-014798 // NVD: CVE-2019-19772

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-253

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-253

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014798

PATCH
title:TE935url:http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US
Trust: 0.8
title:Patch for Multiple Lexmark product cross-site scripting vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/210935
Trust: 0.6
title:Multiple Lexmark Fixes for product cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111637
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19525 // 
            
            
            
            JVNDB: JVNDB-2019-014798 // 
            
            
            
            CNNVD: CNNVD-202003-253

EXTERNAL IDS
db:NVDid:CVE-2019-19772
Trust: 3.0
db:JVNDBid:JVNDB-2019-014798
Trust: 0.8
db:CNVDid:CNVD-2020-19525
Trust: 0.6
db:CNNVDid:CNNVD-202003-253
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19525 // 
            
            
            
            JVNDB: JVNDB-2019-014798 // 
            
            
            
            CNNVD: CNNVD-202003-253 // 
            
            
            
            NVD: CVE-2019-19772

REFERENCES
url:http://support.lexmark.com/index?page=content&id=te935&locale=en&userlocale=en_us
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-19772
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19772
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-19525 // 
            
            
            
            JVNDB: JVNDB-2019-014798 // 
            
            
            
            CNNVD: CNNVD-202003-253 // 
            
            
            
            NVD: CVE-2019-19772

SOURCES
db:CNVDid:CNVD-2020-19525
db:JVNDBid:JVNDB-2019-014798
db:CNNVDid:CNNVD-202003-253
db:NVDid:CVE-2019-19772

LAST UPDATE DATE
2024-11-23T23:08:04.512000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-19525date:2020-03-26T00:00:00
db:JVNDBid:JVNDB-2019-014798date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-253date:2020-03-13T00:00:00
db:NVDid:CVE-2019-19772date:2024-11-21T04:35:21.333

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-19525date:2020-03-26T00:00:00
db:JVNDBid:JVNDB-2019-014798date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-253date:2020-03-06T00:00:00
db:NVDid:CVE-2019-19772date:2020-03-06T22:15:11.370