CVE-2019-18791

Home/CVE/Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web

CVE

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.

MEDIUM · CVSS 5.4 EPSS 0.00298

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

▤

Affected Products & Versions

lexmark cx31x firmware<= lw73.vyl.p263
lexmark cx41x firmware<= lw73.vy2.p263
lexmark cx310 firmware<= lw73.gm2.p263
lexmark ms310 firmware<= lw73.prl.p263
lexmark ms312 firmware<= lw73.prl.p263
lexmark ms317 firmware<= lw73.prl.p263
lexmark ms410 firmware<= lw73.prl.p263
lexmark m1140 firmware<= lw73.prl.p263
Show all 60 affected productslexmark ms315 firmware<= lw73.tl2.p263
lexmark ms415 firmware<= lw73.tl2.p263
lexmark ms417 firmware<= lw73.tl2.p263
lexmark ms51x firmware<= lw73.pr2.p263
lexmark ms610dn firmware<= lw73.pr2.p263
lexmark ms617 firmware<= lw73.pr2.p263
lexmark m1145 firmware<= lw73.pr2.p263
lexmark m3150dn firmware<= lw73.pr2.p263
lexmark ms71x firmware<= lw73.dn2.p263
lexmark m5163dn firmware<= lw73.dn2.p263
lexmark ms810 firmware<= lw73.dn2.p263
lexmark ms811 firmware<= lw73.dn2.p263
lexmark ms812 firmware<= lw73.dn2.p263
lexmark ms817 firmware<= lw73.dn2.p263
lexmark ms818 firmware<= lw73.dn2.p263
lexmark ms810de firmware<= lw73.dn4.p263
lexmark m5155 firmware<= lw73.dn4.p263
lexmark m5163 firmware<= lw73.dn4.p263
lexmark ms812de firmware<= lw73.dn7.p263
lexmark m5170 firmware<= lw73.dn7.p263
lexmark ms91x firmware<= lw73.sa.p263
lexmark mx31x firmware<= lw73.sb2.p263
lexmark xm1135 firmware<= lw73.sb2.p263
lexmark mx410 firmware<= lw73.sb4.p263
lexmark mx510 firmware<= lw73.sb4.p263
lexmark mx511 firmware<= lw73.sb4.p263
lexmark mx610 firmware<= lw73.sb7.p263
lexmark mx611 firmware<= lw73.sb7.p263
lexmark xm3150 firmware<= lw73.sb7.p263
lexmark mx71x firmware<= lw73.tu.p263
lexmark mx81x firmware<= lw73.tu.p263
lexmark xm51xx firmware<= lw73.tu.p263
lexmark xm71xx firmware<= lw73.tu.p263
lexmark mx91x firmware<= lw73.mg.p263
lexmark xm91x firmware<= lw73.mg.p263
lexmark mx6500e firmware<= lw73.jd.p263
lexmark c746 firmware<= lhs60.cm2.p731
lexmark c748 firmware<= lhs60.cm4.p731
lexmark cs748 firmware<= lhs60.cm4.p731
lexmark c792 firmware<= lhs60.hc.p731
lexmark cs796 firmware<= lhs60.hc.p731
lexmark c925 firmware<= lhs60.hv.p731
lexmark c950 firmware<= lhs60.tp.p731
lexmark x548 firmware<= lhs60.vk.p731
lexmark xs548 firmware<= lhs60.vk.p731
lexmark x74x firmware<= lhs60.ny.p731
lexmark xs748 firmware<= lhs60.ny.p731
lexmark x792 firmware<= lhs60.mr.p731
lexmark xs79x firmware<= lhs60.mr.p731
lexmark x925 firmware<= lhs60.hk.p731
lexmark xs925 firmware<= lhs60.hk.p731
lexmark x95x firmware<= lhs60.tq.p731

▣

Scoring & Timeline

5.4

MEDIUM · CVSS v3.1 · cve@mitre.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD13 Feb 2020 · 04:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://support.lexmark.com/alerts/Vendor Advisory

http://support.lexmark.com/index?page=content&id=TE933&modifiedDate=02/04/20&actp=LIST_RECENT&userlocale=EN_US&locale=enVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin