CVE-2013-6033

CVSS V2 Low 3.5 CVSS V3 None
Description
Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.
Overview
  • CVE ID
  • CVE-2013-6033
  • Assigner
  • cret@cert.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2014-02-04T05:39:08
  • Last Modified Date
  • 2014-02-04T15:37:30
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:h:lexmark:c52x:*:*:*:*:*:*:*:* 1 OR ls.fa.p150
cpe:2.3:h:lexmark:c53x:*:*:*:*:*:*:*:* 1 OR ls.sw.p069
cpe:2.3:h:lexmark:c920:*:*:*:*:*:*:*:* 1 OR ls.ta.p152
cpe:2.3:h:lexmark:c935dn:*:*:*:*:*:*:*:* 1 OR lc.jo.p091
cpe:2.3:h:lexmark:e250:*:*:*:*:*:*:*:* 1 OR le.pm.p126
cpe:2.3:h:lexmark:e350:*:*:*:*:*:*:*:* 1 OR le.ph.p129
cpe:2.3:h:lexmark:e450:*:*:*:*:*:*:*:* 1 OR lm.sz.p124
cpe:2.3:h:lexmark:t64x:*:*:*:*:*:*:*:* 1 OR ls.st.p343
cpe:2.3:h:lexmark:w840:*:*:*:*:*:*:*:* 1 OR ls.ha.p252
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:S/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 3.5
  • Severity
  • LOW
  • Exploitability Score
  • 6.8
  • Impact Score
  • 2.9
History
Created Old Value New Value Data Type Notes
2022-05-10 10:38:24 Added to TrackCVE
2022-12-01 21:46:13 cert@cert.org cret@cert.org CVE Assigner updated
2022-12-01 21:46:13 2014-02-04T05:39Z 2014-02-04T05:39:08 CVE Published Date updated
2022-12-01 21:46:13 2014-02-04T15:37:30 CVE Modified Date updated
2022-12-01 21:46:13 Analyzed Vulnerability Status updated