Sign-up

ID

VAR-202003-0911


CVE

CVE-2019-19773


TITLE

plural Lexmark Cross-site scripting vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-014799

DESCRIPTION

Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. plural Lexmark The product contains a cross-site scripting vulnerability.Information may be obtained and tampered with. Lexmark CS31x, etc. are all printers of Lexmark Corporation. The vulnerability stems from the lack of proper verification of client data by WEB applications. An attacker can use this vulnerability to execute client code

Trust: 2.16

sources: NVD: CVE-2019-19773 // JVNDB: JVNDB-2019-014799 // CNVD: CNVD-2020-19522

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-19522

AFFECTED PRODUCTS

vendor:lexmarkmodel:ms610dnscope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:c950scope:lteversion:lhs60.tp.p735

Trust: 1.0

vendor:lexmarkmodel:x548scope:lteversion:lhs60.vk.p735

Trust: 1.0

vendor:lexmarkmodel:ms810scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:ms410scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:mx511scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:x65xscope:lteversion:lr.mn.p822

Trust: 1.0

vendor:lexmarkmodel:xm91xscope:lteversion:lw74.mg.p267

Trust: 1.0

vendor:lexmarkmodel:6500escope:lteversion:lhs60.jr.p735

Trust: 1.0

vendor:lexmarkmodel:cs51xscope:lteversion:lw74.vy4.p267

Trust: 1.0

vendor:lexmarkmodel:cs796scope:lteversion:lhs60.hc.p735

Trust: 1.0

vendor:lexmarkmodel:mx410scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:mx610scope:lteversion:lw74.sb7.p267

Trust: 1.0

vendor:lexmarkmodel:cs748scope:lteversion:lhs60.cm4.p735

Trust: 1.0

vendor:lexmarkmodel:cs31xscope:lteversion:lw74.vyl.p267

Trust: 1.0

vendor:lexmarkmodel:c734scope:lteversion:lr.sk.p822

Trust: 1.0

vendor:lexmarkmodel:t65xscope:lteversion:lr.jp.p822

Trust: 1.0

vendor:lexmarkmodel:ms812descope:lteversion:lw74.dn7.p267

Trust: 1.0

vendor:lexmarkmodel:mx91xscope:lteversion:lw74.mg.p267

Trust: 1.0

vendor:lexmarkmodel:e46xscope:lteversion:lr.lbh.p822

Trust: 1.0

vendor:lexmarkmodel:xc2130scope:lteversion:lw74.gm4.p267

Trust: 1.0

vendor:lexmarkmodel:xm71xxscope:lteversion:lw74.tu.p267

Trust: 1.0

vendor:lexmarkmodel:ms71xscope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:m5155scope:lteversion:lw74.dn4.p267

Trust: 1.0

vendor:lexmarkmodel:x95xscope:lteversion:lhs60.tq.p735

Trust: 1.0

vendor:lexmarkmodel:xm3150scope:lteversion:lw74.sb7.p267

Trust: 1.0

vendor:lexmarkmodel:ms810descope:lteversion:lw74.dn4.p267

Trust: 1.0

vendor:lexmarkmodel:ms317scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:ms315scope:lteversion:lw74.tl2.p267

Trust: 1.0

vendor:lexmarkmodel:ms417scope:lteversion:lw74.tl2.p267

Trust: 1.0

vendor:lexmarkmodel:mx31xscope:lteversion:lw74.sb2.p267

Trust: 1.0

vendor:lexmarkmodel:xs95xscope:lteversion:lhs60.tq.p735

Trust: 1.0

vendor:lexmarkmodel:ms812scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:x74xscope:lteversion:lhs60.ny.p735

Trust: 1.0

vendor:lexmarkmodel:xs79xscope:lteversion:lhs60.mr.p735

Trust: 1.0

vendor:lexmarkmodel:m1140scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:ms617scope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:c748scope:lteversion:lhs60.cm4.p735

Trust: 1.0

vendor:lexmarkmodel:xm1145scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:xc2132scope:lteversion:lw74.gm7.p267

Trust: 1.0

vendor:lexmarkmodel:ms312scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:m5170scope:lteversion:lw74.dn7.p267

Trust: 1.0

vendor:lexmarkmodel:cx510scope:lteversion:lw74.gm7.p267

Trust: 1.0

vendor:lexmarkmodel:xm1135scope:lteversion:lw74.sb2.p267

Trust: 1.0

vendor:lexmarkmodel:c792scope:lteversion:lhs60.hc.p735

Trust: 1.0

vendor:lexmarkmodel:x792scope:lteversion:lhs60.mr.p735

Trust: 1.0

vendor:lexmarkmodel:c736scope:lteversion:lr.ske.p822

Trust: 1.0

vendor:lexmarkmodel:x86xscope:lteversion:lp.sp.p821

Trust: 1.0

vendor:lexmarkmodel:ms91xscope:lteversion:lw74.sa.p267

Trust: 1.0

vendor:lexmarkmodel:ms811scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:x46xscope:lteversion:lr.bs.p822

Trust: 1.0

vendor:lexmarkmodel:cx410scope:lteversion:lw74.gm4.p267

Trust: 1.0

vendor:lexmarkmodel:ms817scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:xs748scope:lteversion:lhs60.ny.p735

Trust: 1.0

vendor:lexmarkmodel:x73xscope:lteversion:lr.fl.p822

Trust: 1.0

vendor:lexmarkmodel:ms610descope:lteversion:lw74.pr4.p267

Trust: 1.0

vendor:lexmarkmodel:mx71xscope:lteversion:lw74.tu.p267

Trust: 1.0

vendor:lexmarkmodel:ms818scope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:m3150scope:lteversion:lw74.pr4.p267

Trust: 1.0

vendor:lexmarkmodel:ms51xscope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:ms415scope:lteversion:lw74.tl2.p267

Trust: 1.0

vendor:lexmarkmodel:c925scope:lteversion:lhs60.hv.p735

Trust: 1.0

vendor:lexmarkmodel:cx310scope:lteversion:lw74.gm2.p267

Trust: 1.0

vendor:lexmarkmodel:xs925scope:lteversion:lhs60.hk.p735

Trust: 1.0

vendor:lexmarkmodel:xm1140scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:w850scope:lteversion:lp.jb.p821

Trust: 1.0

vendor:lexmarkmodel:xs548scope:lteversion:lhs60.vk.p735

Trust: 1.0

vendor:lexmarkmodel:c746scope:lteversion:lhs60.cm2.p731

Trust: 1.0

vendor:lexmarkmodel:ms310scope:lteversion:lw74.prl.p267

Trust: 1.0

vendor:lexmarkmodel:xm51xxscope:lteversion:lw74.tu.p267

Trust: 1.0

vendor:lexmarkmodel:cs41xscope:lteversion:lw74.vy2.p267

Trust: 1.0

vendor:lexmarkmodel:m3150dnscope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:mx510scope:lteversion:lw74.sb4.p267

Trust: 1.0

vendor:lexmarkmodel:m5163scope:lteversion:lw74.dn4.p267

Trust: 1.0

vendor:lexmarkmodel:m1145scope:lteversion:lw74.pr2.p267

Trust: 1.0

vendor:lexmarkmodel:mx6500escope:lteversion:lw74.jd.p267

Trust: 1.0

vendor:lexmarkmodel:x925scope:lteversion:lhs60.hk.p735

Trust: 1.0

vendor:lexmarkmodel:m5163dnscope:lteversion:lw74.dn2.p267

Trust: 1.0

vendor:lexmarkmodel:mx81xscope:lteversion:lw74.tu.p267

Trust: 1.0

vendor:lexmarkmodel:mx611scope:lteversion:lw74.sb7.p267

Trust: 1.0

vendor:lexmarkmodel:cs31xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs41xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs51xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx410scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms312scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx51xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx61xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:xc2130scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs31x <=lw74.vyl.p267scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cs41x <=lw74.vy2.p267scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cs51x <=lw74.vy4.p267scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cx310 <=lw74.gm2.p267scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:c925 <=lhs60.hv.p735scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:c950 <=lhs60.tp.p735scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:6500e <=lhs60.jr.p735scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:c734 <=lr.sk.p822scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:c736 <=lr.ske.p822scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:t65x <=lr.jp.p822scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:e46x <=lr.lbh.p822scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cs41xscope:eqversion:lw71.vy2.p231

Trust: 0.6

vendor:lexmarkmodel:cs41xscope:eqversion:lw71.vy2.p228

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion: -

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p228

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p229

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p230

Trust: 0.6

vendor:lexmarkmodel:cs41xscope:eqversion:lw71.vy2.p229

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p233

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p234

Trust: 0.6

vendor:lexmarkmodel:cs31xscope:eqversion:lw71.vyl.p231

Trust: 0.6

sources: CNVD: CNVD-2020-19522 // JVNDB: JVNDB-2019-014799 // CNNVD: CNNVD-202003-255 // NVD: CVE-2019-19773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19773
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014799
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-19522
value: LOW

Trust: 0.6

CNNVD: CNNVD-202003-255
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-19773
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014799
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19522
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19773
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014799
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-19522 // JVNDB: JVNDB-2019-014799 // CNNVD: CNNVD-202003-255 // NVD: CVE-2019-19773

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-014799 // NVD: CVE-2019-19773

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-255

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-255

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014799

PATCH
title:TE935url:http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US
Trust: 0.8
title:Patch for Multiple Lexmark product cross-site scripting vulnerabilities (CNVD-2020-19522)url:https://www.cnvd.org.cn/patchInfo/show/210937
Trust: 0.6
title:Multiple Lexmark Fixes for product cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111638
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19522 // 
            
            
            
            JVNDB: JVNDB-2019-014799 // 
            
            
            
            CNNVD: CNNVD-202003-255

EXTERNAL IDS
db:NVDid:CVE-2019-19773
Trust: 3.0
db:JVNDBid:JVNDB-2019-014799
Trust: 0.8
db:CNVDid:CNVD-2020-19522
Trust: 0.6
db:CNNVDid:CNNVD-202003-255
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19522 // 
            
            
            
            JVNDB: JVNDB-2019-014799 // 
            
            
            
            CNNVD: CNNVD-202003-255 // 
            
            
            
            NVD: CVE-2019-19773

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-19773
Trust: 2.0
url:http://support.lexmark.com/index?page=content&id=te935&locale=en&userlocale=en_us
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19773
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-19522 // 
            
            
            
            JVNDB: JVNDB-2019-014799 // 
            
            
            
            CNNVD: CNNVD-202003-255 // 
            
            
            
            NVD: CVE-2019-19773

SOURCES
db:CNVDid:CNVD-2020-19522
db:JVNDBid:JVNDB-2019-014799
db:CNNVDid:CNNVD-202003-255
db:NVDid:CVE-2019-19773

LAST UPDATE DATE
2024-11-23T23:01:30.429000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-19522date:2020-03-26T00:00:00
db:JVNDBid:JVNDB-2019-014799date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-255date:2020-03-13T00:00:00
db:NVDid:CVE-2019-19773date:2024-11-21T04:35:21.540

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-19522date:2020-03-26T00:00:00
db:JVNDBid:JVNDB-2019-014799date:2020-03-18T00:00:00
db:CNNVDid:CNNVD-202003-255date:2020-03-06T00:00:00
db:NVDid:CVE-2019-19773date:2020-03-06T22:15:11.480