CVE-2013-6033: XSS
First published: Tue Feb 04 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lexmark C52x | <=ls.fa.p150 | |
| Lexmark C53x | <=ls.sw.p069 | |
| Lexmark C920 | <=ls.ta.p152 | |
| Lexmark C935dn | <=lc.jo.p091 | |
| Lexmark E250 | <=le.pm.p126 | |
| Lexmark E350 | <=le.ph.p129 | |
| Lexmark E450 | <=lm.sz.p124 | |
| Lexmark T64x | <=ls.st.p343 | |
| Lexmark W840 | <=ls.ha.p252 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/lexmark
- canonical/lexmark c52x
- version/lexmark c52x/ls.fa.p150
- canonical/lexmark c53x
- version/lexmark c53x/ls.sw.p069
- canonical/lexmark c920
- version/lexmark c920/ls.ta.p152
- canonical/lexmark c935dn
- version/lexmark c935dn/lc.jo.p091
- canonical/lexmark e250
- version/lexmark e250/le.pm.p126
- canonical/lexmark e350
- version/lexmark e350/le.ph.p129
- canonical/lexmark e450
- version/lexmark e450/lm.sz.p124
- canonical/lexmark t64x
- version/lexmark t64x/ls.st.p343
- canonical/lexmark w840
- version/lexmark w840/ls.ha.p252