Strix
26.1K

CVE-2020-10094

MEDIUMCVSS 5.4/10EPSS 0.65%

Last modified

CVE-2020-10094 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.. EPSS estimates a 0.65% chance of exploitation in the next 30 days.

Description

A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.

Metrics

CVSS 3.1
5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.65%

46.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
LexmarkCs31x Firmware<= lw74.vyl.p272
LexmarkCs41x Firmware<= lw74.vy2.p272
LexmarkCs51x Firmware<= lw74.vy4.p272
LexmarkCx310 Firmware<= lw74.gm2.p272
LexmarkCx410 Firmware<= lw74.gm4.p272
LexmarkXc2130 Firmware<= lw74.gm4.p272
LexmarkCx510 Firmware<= lw74.gm7.p272
LexmarkXc2132 Firmware<= lw74.gm7.p272
LexmarkMs310 Firmware<= lw74.prl.p272
LexmarkMs312 Firmware<= lw74.prl.p272
LexmarkMs317 Firmware<= lw74.prl.p272
LexmarkMs410 Firmware<= lw74.prl.p272
LexmarkM1140 Firmware<= lw74.prl.p272
LexmarkMs315 Firmware<= lw74.tl2.p272
LexmarkMs415 Firmware<= lw74.tl2.p272
LexmarkMs417 Firmware<= lw74.tl2.p272
LexmarkMs51x Firmware<= lw74.pr2.p272
LexmarkMs610dn Firmware<= lw74.pr2.p272
LexmarkMs617 Firmware<= lw74.pr2.p272
LexmarkM1145 Firmware<= lw74.pr2.p272
LexmarkM3150dn Firmware<= lw74.pr2.p272
LexmarkMs610de Firmware<= lw74.pr4.p272
LexmarkM3150 Firmware<= lw74.pr4.p272
LexmarkMs71x Firmware<= lw74.dn2.p272
LexmarkM5163dn Firmware<= lw74.dn2.p272
LexmarkMs810 Firmware<= lw74.dn2.p272
LexmarkMs811 Firmware<= lw74.dn2.p272
LexmarkMs812 Firmware<= lw74.dn2.p272
LexmarkMs817 Firmware<= lw74.dn2.p272
LexmarkMs818 Firmware<= lw74.dn2.p272
LexmarkMs810de Firmware<= lw74.dn4.p272
LexmarkM5155 Firmware<= lw74.dn4.p272
LexmarkM5163 Firmware<= lw74.dn4.p272
LexmarkMs812de Firmware<= lw74.dn7.p272
LexmarkM5170 Firmware<= lw74.dn7.p272
LexmarkMs91x Firmware<= lw74.sa.p272
LexmarkMx31x Firmware<= lw74.sb2.p272
LexmarkXm1135 Firmware<= lw74.sb2.p272
LexmarkMx410 Firmware<= lw74.sb4.p272
LexmarkMx510 Firmware<= lw74.sb4.p272
LexmarkMx511 Firmware<= lw74.sb4.p272
LexmarkXm1140 Firmware<= lw74.sb4.p272
LexmarkXm1145 Firmware<= lw74.sb4.p272
LexmarkMx610 Firmware<= lw74.sb7.p272
LexmarkMx611 Firmware<= lw74.sb7.p272
LexmarkXm3150 Firmware<= lw74.sb7.p272
LexmarkMx71x Firmware<= lw74.tu.p272
LexmarkMx81x Firmware<= lw74.tu.p272
LexmarkXm51xx Firmware<= lw74.tu.p272
LexmarkXm71xx Firmware<= lw74.tu.p272

Showing 50 of 80 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-10094?
A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.
How severe is CVE-2020-10094?
CVE-2020-10094 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.65% probability of exploitation in the next 30 days.
How do I fix CVE-2020-10094?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-10094?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST