CVSS: 10.0EPSS: 0%CPEs: 23EXPL: 0CVE-2013-6032
https://notcve.org/view.php?id=CVE-2013-6032
cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter. cgi-bin/postpf/cgi-bin/dynamic/config/config.html en impresoras Lexmark X94x anterior a LC.BR.P142, X85x hasta LC4.BE.P487, X644 y X646 anterior a LC2.MC.P374, X642 hasta LC2.MB.P318, W840 hasta LS.HA.P252, T64x anterior a LS.ST.P344, X64xef hasta LC2.TI.P325, C935dn hasta LC.JO.P091, C920 hasta LS.TA.P152, C78x hasta LC.IO.P187, X78x hasta LC2.IO.P335, C77x hasta LC.CM.P052, X772 hasta LC2.TR.P291, C53x hasta LS.SW.P069, C52x hasta LS.FA.P150, 25xxN hasta LCL.CU.P114, N4000 hasta LC.MD.P119, N4050e hasta GO.GO.N206, N70xxe hasta LC.CO.N309, E450 hasta LM.SZ.P124, E350 hasta LE.PH.P129 y E250 hasta LE.PM.P126 permite a atacantes remotos eliminar la contraseña administrativa a través del parámetro vac.255.GENPASSWORD. • http://support.lexmark.com/index?page=content&id=TE586 http://www.kb.cert.org/vuls/id/108062 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6033
https://notcve.org/view.php?id=CVE-2013-6033
Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field. Múltiples vulnerabilidades de XSS en impresoras Lexmark W840 hasta LS.HA.P252, T64x anterior a LS.ST.P344, C935dn hasta LC.JO.P091, C920 hasta LS.TA.P152, C53x hasta LS.SW.P069, C52x hasta LS.FA.P150, E450 hasta LM.SZ.P124, E350 hasta LE.PH.P129 y E250 hasta LE.PM.P126 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrario usando (1) SNMP o (2) Embedded Web Server (EWS) para establecer los campos (a) Contact o (b) Location. • http://support.lexmark.com/index?page=content&id=TE585 http://www.kb.cert.org/vuls/id/108062 http://www.osvdb.org/102752 http://www.securityfocus.com/bid/65277 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •