CVE-2019-19832

Name of the Vulnerable Software and Affected Versions Xerox AltaLink C8035 printers (affected versions not specified)

Description The issue allows for Cross-Site Request Forgery (CSRF) attacks. It involves making a request to add users via the Device User Database form field to the "xerox.set" URI. The frmUserName value must have a unique name to exploit this issue.

Recommendations For Xerox AltaLink C8035 printers, as a temporary workaround, consider restricting access to the Device User Database form field until a patch is available. Avoid using the frmUserName value in the affected URI until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.