CVE-2019-18791

CVSS V2 Low 3.5 CVSS V3 Medium 5.4
Description
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.
Overview
  • CVE ID
  • CVE-2019-18791
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2020-02-13T16:15:11
  • Last Modified Date
  • 2020-02-20T21:24:25
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:lexmark:cx31x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.vyl.p263
cpe:2.3:h:lexmark:cx31x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:cx41x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.vy2.p263
cpe:2.3:h:lexmark:cx41x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:cx310_firmware:*:*:*:*:*:*:*:* 1 OR lw73.gm2.p263
cpe:2.3:h:lexmark:cx310:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms310_firmware:*:*:*:*:*:*:*:* 1 OR lw73.prl.p263
cpe:2.3:h:lexmark:ms310:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms312_firmware:*:*:*:*:*:*:*:* 1 OR lw73.prl.p263
cpe:2.3:h:lexmark:ms312:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms317_firmware:*:*:*:*:*:*:*:* 1 OR lw73.prl.p263
cpe:2.3:h:lexmark:ms317:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms410_firmware:*:*:*:*:*:*:*:* 1 OR lw73.prl.p263
cpe:2.3:h:lexmark:ms410:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:m1140_firmware:*:*:*:*:*:*:*:* 1 OR lw73.prl.p263
cpe:2.3:h:lexmark:m1140:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms315_firmware:*:*:*:*:*:*:*:* 1 OR lw73.tl2.p263
cpe:2.3:h:lexmark:ms315:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms415_firmware:*:*:*:*:*:*:*:* 1 OR lw73.tl2.p263
cpe:2.3:h:lexmark:ms415:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms417_firmware:*:*:*:*:*:*:*:* 1 OR lw73.tl2.p263
cpe:2.3:h:lexmark:ms417:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms51x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.pr2.p263
cpe:2.3:h:lexmark:ms51x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms610dn_firmware:*:*:*:*:*:*:*:* 1 OR lw73.pr2.p263
cpe:2.3:h:lexmark:ms610dn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms617_firmware:*:*:*:*:*:*:*:* 1 OR lw73.pr2.p263
cpe:2.3:h:lexmark:ms617:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:m1145_firmware:*:*:*:*:*:*:*:* 1 OR lw73.pr2.p263
cpe:2.3:h:lexmark:m1145:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:m3150dn_firmware:*:*:*:*:*:*:*:* 1 OR lw73.pr2.p263
cpe:2.3:h:lexmark:m3150dn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms71x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn2.p263
cpe:2.3:h:lexmark:ms71x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:m5163dn_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn2.p263
cpe:2.3:h:lexmark:m5163dn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms810_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn2.p263
cpe:2.3:h:lexmark:ms810:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms811_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn2.p263
cpe:2.3:h:lexmark:ms811:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms812_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn2.p263
cpe:2.3:h:lexmark:ms812:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms817_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn2.p263
cpe:2.3:h:lexmark:ms817:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms818_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn2.p263
cpe:2.3:h:lexmark:ms818:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms810de_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn4.p263
cpe:2.3:h:lexmark:ms810de:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:m5155_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn4.p263
cpe:2.3:h:lexmark:m5155:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:m5163_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn4.p263
cpe:2.3:h:lexmark:m5163:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms812de_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn7.p263
cpe:2.3:h:lexmark:ms812de:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:m5170_firmware:*:*:*:*:*:*:*:* 1 OR lw73.dn7.p263
cpe:2.3:h:lexmark:m5170:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms91x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sa.p263
cpe:2.3:h:lexmark:ms91x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx31x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb2.p263
cpe:2.3:h:lexmark:mx31x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xm1135_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb2.p263
cpe:2.3:h:lexmark:xm1135:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx410_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb4.p263
cpe:2.3:h:lexmark:mx410:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx510_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb4.p263
cpe:2.3:h:lexmark:mx510:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx511_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb4.p263
cpe:2.3:h:lexmark:mx511:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx610_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb7.p263
cpe:2.3:h:lexmark:mx610:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx611_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb7.p263
cpe:2.3:h:lexmark:mx611:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xm3150_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb7.p263
cpe:2.3:h:lexmark:xm3150:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx71x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.tu.p263
cpe:2.3:h:lexmark:mx71x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx81x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.tu.p263
cpe:2.3:h:lexmark:mx81x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xm51xx_firmware:*:*:*:*:*:*:*:* 1 OR lw73.tu.p263
cpe:2.3:h:lexmark:xm51xx:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xm71xx_firmware:*:*:*:*:*:*:*:* 1 OR lw73.tu.p263
cpe:2.3:h:lexmark:xm71xx:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx91x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.mg.p263
cpe:2.3:h:lexmark:mx91x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xm91x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.mg.p263
cpe:2.3:h:lexmark:xm91x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:mx6500e_firmware:*:*:*:*:*:*:*:* 1 OR lw73.jd.p263
cpe:2.3:h:lexmark:mx6500e:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:c746_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.cm2.p731
cpe:2.3:h:lexmark:c746:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:c748_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.cm4.p731
cpe:2.3:h:lexmark:c748:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:cs748_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.cm4.p731
cpe:2.3:h:lexmark:cs748:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:c792_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.hc.p731
cpe:2.3:h:lexmark:c792:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:cs796_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.hc.p731
cpe:2.3:h:lexmark:cs796:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:c925_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.hv.p731
cpe:2.3:h:lexmark:c925:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:c950_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.tp.p731
cpe:2.3:h:lexmark:c950:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:x548_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.vk.p731
cpe:2.3:h:lexmark:x548:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xs548_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.vk.p731
cpe:2.3:h:lexmark:xs548:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:x74x_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.ny.p731
cpe:2.3:h:lexmark:x74x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xs748_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.ny.p731
cpe:2.3:h:lexmark:xs748:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:x792_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.mr.p731
cpe:2.3:h:lexmark:x792:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xs79x_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.mr.p731
cpe:2.3:h:lexmark:xs79x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:x925_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.hk.p731
cpe:2.3:h:lexmark:x925:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xs925_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.hk.p731
cpe:2.3:h:lexmark:xs925:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:x95x_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.tq.p731
cpe:2.3:h:lexmark:x95x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xs95x_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.tq.p731
cpe:2.3:h:lexmark:xs95x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:6500e_firmware:*:*:*:*:*:*:*:* 1 OR lhs60.jr.p731
cpe:2.3:h:lexmark:6500e:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:c734_firmware:*:*:*:*:*:*:*:* 1 OR lr.sk.p822
cpe:2.3:h:lexmark:c734:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:c736_firmware:*:*:*:*:*:*:*:* 1 OR lr.ske.p822
cpe:2.3:h:lexmark:c736:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:e46x_firmware:*:*:*:*:*:*:*:* 1 OR lr.lbh.p822
cpe:2.3:h:lexmark:e46x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:t65x_firmware:*:*:*:*:*:*:*:* 1 OR lr.jp.p822
cpe:2.3:h:lexmark:t65x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:x46x_firmware:*:*:*:*:*:*:*:* 1 OR lr.bs.p822
cpe:2.3:h:lexmark:x46x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:x65x_firmware:*:*:*:*:*:*:*:* 1 OR lr.mn.p822
cpe:2.3:h:lexmark:x65x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:x73x_firmware:*:*:*:*:*:*:*:* 1 OR lr.fl.p822
cpe:2.3:h:lexmark:x73x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:w850_firmware:*:*:*:*:*:*:*:* 1 OR lp.jb.p821
cpe:2.3:h:lexmark:w850:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:x86x_firmware:*:*:*:*:*:*:*:* 1 OR lp.sp.p821
cpe:2.3:h:lexmark:x86x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:cx410_firmware:*:*:*:*:*:*:*:* 1 OR lw73.gm4.p263
cpe:2.3:h:lexmark:cx410:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xc2130_firmware:*:*:*:*:*:*:*:* 1 OR lw73.gm4.p263
cpe:2.3:h:lexmark:xc2130:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:cx510_firmware:*:*:*:*:*:*:*:* 1 OR lw73.gm7.p263
cpe:2.3:h:lexmark:cx510:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xc2132_firmware:*:*:*:*:*:*:*:* 1 OR lw73.gm7.p263
cpe:2.3:h:lexmark:xc2132:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:cx51x_firmware:*:*:*:*:*:*:*:* 1 OR lw73.vy4.p263
cpe:2.3:h:lexmark:cx51x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:ms610de_firmware:*:*:*:*:*:*:*:* 1 OR lw73.pr4.p263
cpe:2.3:h:lexmark:ms610de:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:m3150_firmware:*:*:*:*:*:*:*:* 1 OR lw73.pr4.p263
cpe:2.3:h:lexmark:m3150:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xm1140_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb4.p263
cpe:2.3:h:lexmark:xm1140:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lexmark:xm1145_firmware:*:*:*:*:*:*:*:* 1 OR lw73.sb4.p263
cpe:2.3:h:lexmark:xm1145:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:S/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 3.5
  • Severity
  • LOW
  • Exploitability Score
  • 6.8
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 5.4
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.3
  • Impact Score
  • 2.7
History
Created Old Value New Value Data Type Notes
2022-05-10 16:49:17 Added to TrackCVE
2022-12-04 11:18:27 2020-02-13T16:15Z 2020-02-13T16:15:11 CVE Published Date updated
2022-12-04 11:18:27 2020-02-20T21:24:25 CVE Modified Date updated
2022-12-04 11:18:27 Analyzed Vulnerability Status updated