CVE-2019-19773

Home/CVE/Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected p

CVE

Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected p

Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

MEDIUM · CVSS 5.4 EPSS 0.00352

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

▤

Affected Products & Versions

lexmark cs31x firmware<= lw74.vyl.p267
lexmark cs41x firmware<= lw74.vy2.p267
lexmark cs51x firmware<= lw74.vy4.p267
lexmark cx310 firmware<= lw74.gm2.p267
lexmark cx410 firmware<= lw74.gm4.p267
lexmark xc2130 firmware<= lw74.gm4.p267
lexmark cx510 firmware<= lw74.gm7.p267
lexmark xc2132 firmware<= lw74.gm7.p267
Show all 60 affected productslexmark ms310 firmware<= lw74.prl.p267
lexmark ms312 firmware<= lw74.prl.p267
lexmark ms317 firmware<= lw74.prl.p267
lexmark ms410 firmware<= lw74.prl.p267
lexmark m1140 firmware<= lw74.prl.p267
lexmark ms315 firmware<= lw74.tl2.p267
lexmark ms415 firmware<= lw74.tl2.p267
lexmark ms417 firmware<= lw74.tl2.p267
lexmark ms51x firmware<= lw74.pr2.p267
lexmark ms610dn firmware<= lw74.pr2.p267
lexmark ms617 firmware<= lw74.pr2.p267
lexmark m1145 firmware<= lw74.pr2.p267
lexmark m3150dn firmware<= lw74.pr2.p267
lexmark ms610de firmware<= lw74.pr4.p267
lexmark m3150 firmware<= lw74.pr4.p267
lexmark ms71x firmware<= lw74.dn2.p267
lexmark m5163dn firmware<= lw74.dn2.p267
lexmark ms810 firmware<= lw74.dn2.p267
lexmark ms811 firmware<= lw74.dn2.p267
lexmark ms812 firmware<= lw74.dn2.p267
lexmark ms817 firmware<= lw74.dn2.p267
lexmark ms818 firmware<= lw74.dn2.p267
lexmark ms810de firmware<= lw74.dn4.p267
lexmark m5155 firmware<= lw74.dn4.p267
lexmark m5163 firmware<= lw74.dn4.p267
lexmark ms812de firmware<= lw74.dn7.p267
lexmark m5170 firmware<= lw74.dn7.p267
lexmark ms91x firmware<= lw74.sa.p267
lexmark mx31x firmware<= lw74.sb2.p267
lexmark xm1135 firmware<= lw74.sb2.p267
lexmark mx410 firmware<= lw74.sb4.p267
lexmark mx510 firmware<= lw74.sb4.p267
lexmark mx511 firmware<= lw74.sb4.p267
lexmark xm1140 firmware<= lw74.sb4.p267
lexmark xm1145 firmware<= lw74.sb4.p267
lexmark mx610 firmware<= lw74.sb7.p267
lexmark mx611 firmware<= lw74.sb7.p267
lexmark xm3150 firmware<= lw74.sb7.p267
lexmark mx71x firmware<= lw74.tu.p267
lexmark mx81x firmware<= lw74.tu.p267
lexmark xm51xx firmware<= lw74.tu.p267
lexmark xm71xx firmware<= lw74.tu.p267
lexmark mx91x firmware<= lw74.mg.p267
lexmark xm91x firmware<= lw74.mg.p267
lexmark mx6500e firmware<= lw74.jd.p267
lexmark c746 firmware<= lhs60.cm2.p731
lexmark c748 firmware<= lhs60.cm4.p735
lexmark cs748 firmware<= lhs60.cm4.p735
lexmark c792 firmware<= lhs60.hc.p735
lexmark cs796 firmware<= lhs60.hc.p735
lexmark c925 firmware<= lhs60.hv.p735
lexmark c950 firmware<= lhs60.tp.p735

▣

Scoring & Timeline

5.4

MEDIUM · CVSS v3.1 · cve@mitre.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD06 Mar 2020 · 10:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_USVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin