CVE-2019-7419 – SAMSUNG X7400GX Sync Thru Web Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-7419
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 suffers from multiple cross site scripting vulnerabilities.
• http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2019/Feb/28
• http://www.samsung.com/Support/ProductSupport/download/index.aspx
• http://www.samsungprinter.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-14908
https://notcve.org/view.php?id=CVE-2018-14908
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
• https://medium.com/stolabs/security-issues-on-samsung-syncthru-web-service-cc86467d2df
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-14904
https://notcve.org/view.php?id=CVE-2018-14904
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
• https://medium.com/stolabs/security-issues-on-samsung-syncthru-web-service-cc86467d2df
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')