Sign-up

ID

VAR-202004-0106


CVE

CVE-2020-10093


TITLE

Lexmark Pro910 cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-27450 // CNNVD: CNNVD-202004-2245

DESCRIPTION

A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued products. Lexmark Pro910 is a Pro910 printer from Lexmark. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Trust: 2.25

sources: NVD: CVE-2020-10093 // JVNDB: JVNDB-2020-004892 // CNVD: CNVD-2020-27450 // VULMON: CVE-2020-10093

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27450

AFFECTED PRODUCTS

vendor:lexmarkmodel:mx71xscope:lteversion:lw74.tu.p272

Trust: 1.0

vendor:lexmarkmodel:mx6500escope:lteversion:lw74.jd.p272

Trust: 1.0

vendor:lexmarkmodel:mx611scope:lteversion:lw74.sb7.p272

Trust: 1.0

vendor:lexmarkmodel:c736scope:lteversion:lr.ske.p824

Trust: 1.0

vendor:lexmarkmodel:ms317scope:lteversion:lw74.prl.p272

Trust: 1.0

vendor:lexmarkmodel:ms818scope:lteversion:lw74.dn2.p272

Trust: 1.0

vendor:lexmarkmodel:ms310scope:lteversion:lw74.prl.p272

Trust: 1.0

vendor:lexmarkmodel:m3150dnscope:lteversion:lw74.pr2.p272

Trust: 1.0

vendor:lexmarkmodel:cs748scope:lteversion:lhs60.cm4.p737

Trust: 1.0

vendor:lexmarkmodel:c950scope:lteversion:lhs60.tp.p737

Trust: 1.0

vendor:lexmarkmodel:ms417scope:lteversion:lw74.tl2.p272

Trust: 1.0

vendor:lexmarkmodel:xm51xxscope:lteversion:lw74.tu.p272

Trust: 1.0

vendor:lexmarkmodel:m1145scope:lteversion:lw74.pr2.p272

Trust: 1.0

vendor:lexmarkmodel:w850scope:lteversion:lp.jb.p823

Trust: 1.0

vendor:lexmarkmodel:e46xscope:lteversion:lr.lbh.p824

Trust: 1.0

vendor:lexmarkmodel:xs79xscope:lteversion:lhs60.mr.p737

Trust: 1.0

vendor:lexmarkmodel:ms610dnscope:lteversion:lw74.pr2.p272

Trust: 1.0

vendor:lexmarkmodel:mx511scope:lteversion:lw74.sb4.p272

Trust: 1.0

vendor:lexmarkmodel:mx31xscope:lteversion:lw74.sb2.p272

Trust: 1.0

vendor:lexmarkmodel:cs796scope:lteversion:lhs60.hc.p737

Trust: 1.0

vendor:lexmarkmodel:ms410scope:lteversion:lw74.prl.p272

Trust: 1.0

vendor:lexmarkmodel:t65xscope:lteversion:lr.jp.p824

Trust: 1.0

vendor:lexmarkmodel:m5163dnscope:lteversion:lw74.dn2.p272

Trust: 1.0

vendor:lexmarkmodel:mx91xscope:lteversion:lw74.mg.p272

Trust: 1.0

vendor:lexmarkmodel:m5155scope:lteversion:lw74.dn4.p272

Trust: 1.0

vendor:lexmarkmodel:xm3150scope:lteversion:lw74.sb7.p272

Trust: 1.0

vendor:lexmarkmodel:xc2132scope:lteversion:lw74.gm7.p272

Trust: 1.0

vendor:lexmarkmodel:x95xscope:lteversion:lhs60.tq.p737

Trust: 1.0

vendor:lexmarkmodel:cs41xscope:lteversion:lw74.vy2.p272

Trust: 1.0

vendor:lexmarkmodel:ms810descope:lteversion:lw74.dn4.p272

Trust: 1.0

vendor:lexmarkmodel:ms810scope:lteversion:lw74.dn2.p272

Trust: 1.0

vendor:lexmarkmodel:cx410scope:lteversion:lw74.gm4.p272

Trust: 1.0

vendor:lexmarkmodel:x548scope:lteversion:lhs60.vk.p737

Trust: 1.0

vendor:lexmarkmodel:xm1140scope:lteversion:lw74.sb4.p272

Trust: 1.0

vendor:lexmarkmodel:c746scope:lteversion:lhs60.cm2.p737

Trust: 1.0

vendor:lexmarkmodel:xs95xscope:lteversion:lhs60.tq.p737

Trust: 1.0

vendor:lexmarkmodel:m5163scope:lteversion:lw74.dn4.p272

Trust: 1.0

vendor:lexmarkmodel:x46xscope:lteversion:lr.bs.p824

Trust: 1.0

vendor:lexmarkmodel:6500escope:lteversion:lhs60.jr.p737

Trust: 1.0

vendor:lexmarkmodel:x925scope:lteversion:lhs60.hk.p737

Trust: 1.0

vendor:lexmarkmodel:xc2130scope:lteversion:lw74.gm4.p272

Trust: 1.0

vendor:lexmarkmodel:mx510scope:lteversion:lw74.sb4.p272

Trust: 1.0

vendor:lexmarkmodel:xm71xxscope:lteversion:lw74.tu.p272

Trust: 1.0

vendor:lexmarkmodel:ms812descope:lteversion:lw74.dn7.p272

Trust: 1.0

vendor:lexmarkmodel:ms415scope:lteversion:lw74.tl2.p272

Trust: 1.0

vendor:lexmarkmodel:ms91xscope:lteversion:lw74.sa.p272

Trust: 1.0

vendor:lexmarkmodel:xm1145scope:lteversion:lw74.sb4.p272

Trust: 1.0

vendor:lexmarkmodel:ms315scope:lteversion:lw74.tl2.p272

Trust: 1.0

vendor:lexmarkmodel:ms617scope:lteversion:lw74.pr2.p272

Trust: 1.0

vendor:lexmarkmodel:ms71xscope:lteversion:lw74.dn2.p272

Trust: 1.0

vendor:lexmarkmodel:m1140scope:lteversion:lw74.prl.p272

Trust: 1.0

vendor:lexmarkmodel:xs548scope:lteversion:lhs60.vk.p737

Trust: 1.0

vendor:lexmarkmodel:c792scope:lteversion:lhs60.hc.p737

Trust: 1.0

vendor:lexmarkmodel:mx610scope:lteversion:lw74.sb7.p272

Trust: 1.0

vendor:lexmarkmodel:x74xscope:lteversion:lhs60.ny.p737

Trust: 1.0

vendor:lexmarkmodel:xm91xscope:lteversion:lw74.mg.p272

Trust: 1.0

vendor:lexmarkmodel:ms312scope:lteversion:lw74.prl.p272

Trust: 1.0

vendor:lexmarkmodel:ms610descope:lteversion:lw74.pr4.p272

Trust: 1.0

vendor:lexmarkmodel:cs31xscope:lteversion:lw74.vyl.p272

Trust: 1.0

vendor:lexmarkmodel:m3150scope:lteversion:lw74.pr4.p272

Trust: 1.0

vendor:lexmarkmodel:ms812scope:lteversion:lw74.dn2.p272

Trust: 1.0

vendor:lexmarkmodel:mx81xscope:lteversion:lw74.tu.p272

Trust: 1.0

vendor:lexmarkmodel:x86xscope:lteversion:lp.sp.p823

Trust: 1.0

vendor:lexmarkmodel:mx410scope:lteversion:lw74.sb4.p272

Trust: 1.0

vendor:lexmarkmodel:x65xscope:lteversion:lr.mn.p824

Trust: 1.0

vendor:lexmarkmodel:m5170scope:lteversion:lw74.dn7.p272

Trust: 1.0

vendor:lexmarkmodel:xs925scope:lteversion:lhs60.hk.p737

Trust: 1.0

vendor:lexmarkmodel:c734scope:lteversion:lr.sk.p824

Trust: 1.0

vendor:lexmarkmodel:x73xscope:lteversion:lr.fl.p824

Trust: 1.0

vendor:lexmarkmodel:xm1135scope:lteversion:lw74.sb2.p272

Trust: 1.0

vendor:lexmarkmodel:x792scope:lteversion:lhs60.mr.p737

Trust: 1.0

vendor:lexmarkmodel:c925scope:lteversion:lhs60.hv.p737

Trust: 1.0

vendor:lexmarkmodel:ms811scope:lteversion:lw74.dn2.p272

Trust: 1.0

vendor:lexmarkmodel:cx310scope:lteversion:lw74.gm2.p272

Trust: 1.0

vendor:lexmarkmodel:xs748scope:lteversion:lhs60.ny.p737

Trust: 1.0

vendor:lexmarkmodel:cs51xscope:lteversion:lw74.vy4.p272

Trust: 1.0

vendor:lexmarkmodel:c748scope:lteversion:lhs60.cm4.p737

Trust: 1.0

vendor:lexmarkmodel:cx510scope:lteversion:lw74.gm7.p272

Trust: 1.0

vendor:lexmarkmodel:ms51xscope:lteversion:lw74.pr2.p272

Trust: 1.0

vendor:lexmarkmodel:ms817scope:lteversion:lw74.dn2.p272

Trust: 1.0

vendor:lexmarkmodel:cs31xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs41xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs51xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx410scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms310scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:ms312scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx51xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:mx61xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:xc2130scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:pro910scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-27450 // JVNDB: JVNDB-2020-004892 // NVD: CVE-2020-10093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10093
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004892
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-27450
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2245
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-10093
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-10093
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004892
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27450
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10093
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004892
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27450 // VULMON: CVE-2020-10093 // JVNDB: JVNDB-2020-004892 // CNNVD: CNNVD-202004-2245 // NVD: CVE-2020-10093

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-004892 // NVD: CVE-2020-10093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2245

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-2245

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004892

PATCH
title:Lexmark Security Advisory: Stored Cross Site Scripting Vulnerabilities (CVE-2020-10093, CVE-2020-10094)url:http://support.lexmark.com/index?page=content&id=TE936&locale=EN&userlocale=EN_US
Trust: 0.8
title:Patch for Lexmark Pro910 cross-site scripting vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/216995
Trust: 0.6
title:Lexmark Pro910 Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117735
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-27450 // 
            
            
            
            JVNDB: JVNDB-2020-004892 // 
            
            
            
            CNNVD: CNNVD-202004-2245

EXTERNAL IDS
db:NVDid:CVE-2020-10093
Trust: 3.1
db:JVNDBid:JVNDB-2020-004892
Trust: 0.8
db:CNVDid:CNVD-2020-27450
Trust: 0.6
db:CNNVDid:CNNVD-202004-2245
Trust: 0.6
db:VULMONid:CVE-2020-10093
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27450 // 
            
            
            
            VULMON: CVE-2020-10093 // 
            
            
            
            JVNDB: JVNDB-2020-004892 // 
            
            
            
            CNNVD: CNNVD-202004-2245 // 
            
            
            
            NVD: CVE-2020-10093

REFERENCES
url:http://support.lexmark.com/index?page=content&id=te936
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-10093
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10093
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-10093 // 
            
            
            
            JVNDB: JVNDB-2020-004892 // 
            
            
            
            CNNVD: CNNVD-202004-2245 // 
            
            
            
            NVD: CVE-2020-10093

SOURCES
db:CNVDid:CNVD-2020-27450
db:VULMONid:CVE-2020-10093
db:JVNDBid:JVNDB-2020-004892
db:CNNVDid:CNNVD-202004-2245
db:NVDid:CVE-2020-10093

LAST UPDATE DATE
2024-11-23T22:37:26.172000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27450date:2020-05-09T00:00:00
db:VULMONid:CVE-2020-10093date:2020-05-05T00:00:00
db:JVNDBid:JVNDB-2020-004892date:2020-06-01T00:00:00
db:CNNVDid:CNNVD-202004-2245date:2020-05-06T00:00:00
db:NVDid:CVE-2020-10093date:2024-11-21T04:54:47.750

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-27450date:2020-05-09T00:00:00
db:VULMONid:CVE-2020-10093date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2020-004892date:2020-06-01T00:00:00
db:CNNVDid:CNNVD-202004-2245date:2020-04-28T00:00:00
db:NVDid:CVE-2020-10093date:2020-04-28T14:15:13.330