CVE-2019-12315 - OpenCVE

Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the "print from file" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Scx-824 Firmware Scx-824

Configuration 1 [-]

AND

cpe:2.3:o:samsung:scx-824_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:scx-824:-:*:*:*:*:*:*:*

References

Link	Resource
https://gist.github.com/med0x2e/2715d32602ba688ea3bc239a3d5f8214	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-24T15:23:08

Updated: 2019-05-24T15:23:08

Reserved: 2019-05-24T00:00:00

Link: CVE-2019-12315

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-05-24T16:29:00.767

Modified: 2019-05-28T18:25:28.570

Link: CVE-2019-12315

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:scx-824_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCBA612E-AD42-4703-841C-0D5AEA92ACD2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:scx-824:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2D8A36A-BE53-4B02-8135-DE3C35563225", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the \"print from file\" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter."}, {"lang": "es", "value": "Las impresoras SCX-824 de Samsung, permiten una vulnerabilidad de tipo Cross-Site-Scripting (XSS) reflejada que puede ser activada al utilizar la funci\u00f3n \"print from file\", como lo demuestra el par\u00e1metro sws/swsAlert.sws?popupid=successMsg msg."}], "id": "CVE-2019-12315", "lastModified": "2019-05-28T18:25:28.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-24T16:29:00.767", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/med0x2e/2715d32602ba688ea3bc239a3d5f8214"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}