PT-2014-3018 · Lexmark · Lexmark E350+8
Published: 2014-02-04 · Updated: 2014-02-04
CVE-2013-6033
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Lexmark W840 versions through LS.HA.P252
Lexmark T64x versions prior to LS.ST.P344
Lexmark C935dn versions through LC.JO.P091
Lexmark C920 versions through LS.TA.P152
Lexmark C53x versions through LS.SW.P069
Lexmark C52x versions through LS.FA.P150
Lexmark E450 versions through LM.SZ.P124
Lexmark E350 versions through LE.PH.P129
Lexmark E250 versions through LE.PM.P126
Description
The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved by using either SNMP or the Embedded Web Server (EWS) to set specific fields, including the Contact or Location field.
Recommendations
For Lexmark W840 versions through LS.HA.P252, update to a version after LS.HA.P252 to resolve the issue.
For Lexmark T64x versions prior to LS.ST.P344, update to LS.ST.P344 or later to fix the problem.
For Lexmark C935dn versions through LC.JO.P091, update to a version after LC.JO.P091 to mitigate the risk.
For Lexmark C920 versions through LS.TA.P152, update to a version after LS.TA.P152 to resolve the issue.
For Lexmark C53x versions through LS.SW.P069, update to a version after LS.SW.P069 to fix the problem.
For Lexmark C52x versions through LS.FA.P150, update to a version after LS.FA.P150 to mitigate the risk.
For Lexmark E450 versions through LM.SZ.P124, update to a version after LM.SZ.P124 to resolve the issue.
For Lexmark E350 versions through LE.PH.P129, update to a version after LE.PH.P129 to fix the problem.
For Lexmark E250 versions through LE.PM.P126, update to a version after LE.PM.P126 to mitigate the risk.
Fix
XSS
Affected Products
Lexmark C52X
Lexmark C53X
Lexmark C920
Lexmark C935Dn
Lexmark E250
Lexmark E350
Lexmark E450
Lexmark T64X
Lexmark W840