var-201402-0120
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field. Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks. Lexmark Laser Printers is a laser printer device. The Lexmark Laser Printers management web interface fails to properly filter the user input to the \"Location\" and \"Contact Name\" fields of the \"General Settings\" configuration page, allowing remote attackers to exploit the vulnerability to inject malicious scripts or HTML code when malicious data is viewed. Get sensitive information or hijack user sessions. Lexmark Laser Printers are prone to an HTML-injection vulnerability because they fail to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0120",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c52x",
"scope": "lte",
"trust": 1.8,
"vendor": "lexmark",
"version": "ls.fa.p150"
},
{
"model": "c53x",
"scope": "lte",
"trust": 1.8,
"vendor": "lexmark",
"version": "ls.sw.p069"
},
{
"model": "c920",
"scope": "lte",
"trust": 1.8,
"vendor": "lexmark",
"version": "ls.ta.p152"
},
{
"model": "c935dn",
"scope": "lte",
"trust": 1.8,
"vendor": "lexmark",
"version": "lc.jo.p091"
},
{
"model": "e250",
"scope": "lte",
"trust": 1.8,
"vendor": "lexmark",
"version": "le.pm.p126"
},
{
"model": "e350",
"scope": "lte",
"trust": 1.8,
"vendor": "lexmark",
"version": "le.ph.p129"
},
{
"model": "e450",
"scope": "lte",
"trust": 1.8,
"vendor": "lexmark",
"version": "lm.sz.p124"
},
{
"model": "t64x",
"scope": "lte",
"trust": 1.8,
"vendor": "lexmark",
"version": "ls.st.p343"
},
{
"model": "w840",
"scope": "lte",
"trust": 1.8,
"vendor": "lexmark",
"version": "ls.ha.p252"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lexmark",
"version": null
},
{
"model": "laser printer w840",
"scope": null,
"trust": 0.6,
"vendor": "lexmark",
"version": null
},
{
"model": "laser printer c920",
"scope": null,
"trust": 0.6,
"vendor": "lexmark",
"version": null
},
{
"model": "laser printer t64x",
"scope": null,
"trust": 0.6,
"vendor": "lexmark",
"version": null
},
{
"model": "laser printer c53x",
"scope": null,
"trust": 0.6,
"vendor": "lexmark",
"version": null
},
{
"model": "laser printer c935dn",
"scope": null,
"trust": 0.6,
"vendor": "lexmark",
"version": null
},
{
"model": "laser printer c52x",
"scope": null,
"trust": 0.6,
"vendor": "lexmark",
"version": null
},
{
"model": "laser printer e450",
"scope": null,
"trust": 0.6,
"vendor": "lexmark",
"version": null
},
{
"model": "laser printer e350",
"scope": null,
"trust": 0.6,
"vendor": "lexmark",
"version": null
},
{
"model": "laser printer e250",
"scope": null,
"trust": 0.6,
"vendor": "lexmark",
"version": null
},
{
"model": "e350",
"scope": "eq",
"trust": 0.6,
"vendor": "lexmark",
"version": "le.ph.p129"
},
{
"model": "e250",
"scope": "eq",
"trust": 0.6,
"vendor": "lexmark",
"version": "le.pm.p126"
},
{
"model": "c935dn",
"scope": "eq",
"trust": 0.6,
"vendor": "lexmark",
"version": "lc.jo.p091"
},
{
"model": "e450",
"scope": "eq",
"trust": 0.6,
"vendor": "lexmark",
"version": "lm.sz.p124"
},
{
"model": "c920",
"scope": "eq",
"trust": 0.6,
"vendor": "lexmark",
"version": "ls.ta.p152"
},
{
"model": "w840",
"scope": "eq",
"trust": 0.6,
"vendor": "lexmark",
"version": "ls.ha.p252"
},
{
"model": "c52x",
"scope": "eq",
"trust": 0.6,
"vendor": "lexmark",
"version": "ls.fa.p150"
},
{
"model": "t64x",
"scope": "eq",
"trust": 0.6,
"vendor": "lexmark",
"version": "ls.st.p343"
},
{
"model": "c53x",
"scope": "eq",
"trust": 0.6,
"vendor": "lexmark",
"version": "ls.sw.p069"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#108062"
},
{
"db": "CNVD",
"id": "CNVD-2014-00768"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-019"
},
{
"db": "NVD",
"id": "CVE-2013-6033"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:lexmark:c52x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lexmark:c53x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lexmark:c920",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lexmark:c935dn",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lexmark:e250",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lexmark:e350",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lexmark:e450",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lexmark:t64x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lexmark:w840",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005983"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeff Popio",
"sources": [
{
"db": "BID",
"id": "65277"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6033",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2013-6033",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-00768",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6033",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2013-6033",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-00768",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-019",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00768"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-019"
},
{
"db": "NVD",
"id": "CVE-2013-6033"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field. Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks. Lexmark Laser Printers is a laser printer device. The Lexmark Laser Printers management web interface fails to properly filter the user input to the \\\"Location\\\" and \\\"Contact Name\\\" fields of the \\\"General Settings\\\" configuration page, allowing remote attackers to exploit the vulnerability to inject malicious scripts or HTML code when malicious data is viewed. Get sensitive information or hijack user sessions. Lexmark Laser Printers are prone to an HTML-injection vulnerability because they fail to sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6033"
},
{
"db": "CERT/CC",
"id": "VU#108062"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005983"
},
{
"db": "CNVD",
"id": "CNVD-2014-00768"
},
{
"db": "BID",
"id": "65277"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#108062",
"trust": 3.8
},
{
"db": "NVD",
"id": "CVE-2013-6033",
"trust": 3.3
},
{
"db": "BID",
"id": "65277",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "102752",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU92568059",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005983",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-00768",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201402-019",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#108062"
},
{
"db": "CNVD",
"id": "CNVD-2014-00768"
},
{
"db": "BID",
"id": "65277"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-019"
},
{
"db": "NVD",
"id": "CVE-2013-6033"
}
]
},
"id": "VAR-201402-0120",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00768"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00768"
}
]
},
"last_update_date": "2024-11-23T22:13:50.001000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TE585 (HTML Vulnerability in \u0027Contact\u0027 and \u0027Location\u0027 Settings)",
"trust": 0.8,
"url": "http://support.lexmark.com/index?page=content\u0026id=TE585\u0026locale=EN\u0026userlocale=EN_US"
},
{
"title": "Lexmark Laser Printers HTML Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/43415"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00768"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005983"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005983"
},
{
"db": "NVD",
"id": "CVE-2013-6033"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/108062"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/65277"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/102752"
},
{
"trust": 1.6,
"url": "http://support.lexmark.com/index?page=content\u0026id=te585"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6033"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92568059/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6033"
},
{
"trust": 0.3,
"url": "http://www.lexmark.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#108062"
},
{
"db": "CNVD",
"id": "CNVD-2014-00768"
},
{
"db": "BID",
"id": "65277"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-019"
},
{
"db": "NVD",
"id": "CVE-2013-6033"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#108062"
},
{
"db": "CNVD",
"id": "CNVD-2014-00768"
},
{
"db": "BID",
"id": "65277"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005983"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-019"
},
{
"db": "NVD",
"id": "CVE-2013-6033"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-31T00:00:00",
"db": "CERT/CC",
"id": "VU#108062"
},
{
"date": "2014-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00768"
},
{
"date": "2014-01-31T00:00:00",
"db": "BID",
"id": "65277"
},
{
"date": "2014-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005983"
},
{
"date": "2014-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-019"
},
{
"date": "2014-02-04T05:39:08.213000",
"db": "NVD",
"id": "CVE-2013-6033"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-31T00:00:00",
"db": "CERT/CC",
"id": "VU#108062"
},
{
"date": "2014-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00768"
},
{
"date": "2014-01-31T00:00:00",
"db": "BID",
"id": "65277"
},
{
"date": "2014-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005983"
},
{
"date": "2014-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-019"
},
{
"date": "2024-11-21T01:58:39.473000",
"db": "NVD",
"id": "CVE-2013-6033"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lexmark laser printers contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#108062"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-019"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.