CVE-2013-6033

2014-02-0405:39:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-6033

cross-site scripting

xss

lexmark

printers

snmp

ews

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.

Affected configurations

NVD

Node

lexmarkc52xRange≤ls.fa.p150

lexmarkc53xRange≤ls.sw.p069

lexmarkc920Range≤ls.ta.p152

lexmarkc935dnRange≤lc.jo.p091

lexmarke250Range≤le.pm.p126

lexmarke350Range≤le.ph.p129

lexmarke450Range≤lm.sz.p124

lexmarkt64xRange≤ls.st.p343

lexmarkw840Range≤ls.ha.p252

CPENameOperatorVersion
lexmark:c52xlexmark c52xlels.fa.p150
lexmark:c53xlexmark c53xlels.sw.p069
lexmark:c920lexmark c920lels.ta.p152
lexmark:c935dnlexmark c935dnlelc.jo.p091
lexmark:e250lexmark e250lele.pm.p126
lexmark:e350lexmark e350lele.ph.p129
lexmark:e450lexmark e450lelm.sz.p124
lexmark:t64xlexmark t64xlels.st.p343
lexmark:w840lexmark w840lels.ha.p252

CPE	Name	Operator	Version
lexmark:c52x	lexmark c52x	le	ls.fa.p150
lexmark:c53x	lexmark c53x	le	ls.sw.p069
lexmark:c920	lexmark c920	le	ls.ta.p152
lexmark:c935dn	lexmark c935dn	le	lc.jo.p091
lexmark:e250	lexmark e250	le	le.pm.p126
lexmark:e350	lexmark e350	le	le.ph.p129
lexmark:e450	lexmark e450	le	lm.sz.p124
lexmark:t64x	lexmark t64x	le	ls.st.p343
lexmark:w840	lexmark w840	le	ls.ha.p252