Jonatas Fil

**Name of the Vulnerable Software and Affected Versions** Bematech MP-4200 TH versions (affected versions not specified) **Description** The printer contains a cross-site scripting issue in the admin configuration page. Attackers can inject malicious scripts through crafted POST requests with malformed `admin` and `person` parameters, allowing the execution of arbitrary JavaScript in the context of an authenticated user's browser session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bematech MP-4200 TH printer (affected versions not specified) **Description** The Bematech MP-4200 TH printer has a denial of service issue in the admin configuration page. Remote attackers can send specially crafted POST requests with malformed `admin` and `person` parameters to the printer’s web service. This can cause the web service to crash, resulting in a denial of service. The affected API endpoint is the admin configuration page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.