CVE-2013-6033

Severity Score

3.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.

Múltiples vulnerabilidades de XSS en impresoras Lexmark W840 hasta LS.HA.P252, T64x anterior a LS.ST.P344, C935dn hasta LC.JO.P091, C920 hasta LS.TA.P152, C53x hasta LS.SW.P069, C52x hasta LS.FA.P150, E450 hasta LM.SZ.P124, E350 hasta LE.PH.P129 y E250 hasta LE.PM.P126 permiten a usuarios remotos autenticados inyectar script Web o HTML arbitrario usando (1) SNMP o (2) Embedded Web Server (EWS) para establecer los campos (a) Contact o (b) Location.

*Credits: N/A

CVSS Scores

NISTv2 3.5

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-10-04 CVE Reserved
2014-02-04 CVE Published
2023-12-17 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (4)

URL	Tag	Source
http://www.kb.cert.org/vuls/id/108062	Third Party Advisory
http://www.osvdb.org/102752	Vdb Entry
http://www.securityfocus.com/bid/65277	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://support.lexmark.com/index?page=content&id=TE585	2014-02-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Lexmark Search vendor "Lexmark"		C52x Search vendor "Lexmark" for product "C52x"				<= ls.fa.p150 Search vendor "Lexmark" for product "C52x" and version " <= ls.fa.p150"		-		Affected
Lexmark Search vendor "Lexmark"		C53x Search vendor "Lexmark" for product "C53x"				<= ls.sw.p069 Search vendor "Lexmark" for product "C53x" and version " <= ls.sw.p069"		-		Affected
Lexmark Search vendor "Lexmark"		C920 Search vendor "Lexmark" for product "C920"				<= ls.ta.p152 Search vendor "Lexmark" for product "C920" and version " <= ls.ta.p152"		-		Affected
Lexmark Search vendor "Lexmark"		C935dn Search vendor "Lexmark" for product "C935dn"				<= lc.jo.p091 Search vendor "Lexmark" for product "C935dn" and version " <= lc.jo.p091"		-		Affected
Lexmark Search vendor "Lexmark"		E250 Search vendor "Lexmark" for product "E250"				<= le.pm.p126 Search vendor "Lexmark" for product "E250" and version " <= le.pm.p126"		-		Affected
Lexmark Search vendor "Lexmark"		E350 Search vendor "Lexmark" for product "E350"				<= le.ph.p129 Search vendor "Lexmark" for product "E350" and version " <= le.ph.p129"		-		Affected
Lexmark Search vendor "Lexmark"		E450 Search vendor "Lexmark" for product "E450"				<= lm.sz.p124 Search vendor "Lexmark" for product "E450" and version " <= lm.sz.p124"		-		Affected
Lexmark Search vendor "Lexmark"		T64x Search vendor "Lexmark" for product "T64x"				<= ls.st.p343 Search vendor "Lexmark" for product "T64x" and version " <= ls.st.p343"		-		Affected
Lexmark Search vendor "Lexmark"		W840 Search vendor "Lexmark" for product "W840"				<= ls.ha.p252 Search vendor "Lexmark" for product "W840" and version " <= ls.ha.p252"		-		Affected