CVE-2019-13198 — MEDIUM (6.1)

Vulnerability Description

The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Kyocera	Ecosys M5526Cdw Firmware	2r7_2000.001.701
Kyocera	Ecosys M5526Cdw	-

Related Weaknesses (CWE)

CWE-79

References

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabiThird Party Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabiThird Party Advisory

FAQ

What is CVE-2019-13198?

CVE-2019-13198 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking o...

How severe is CVE-2019-13198?

CVE-2019-13198 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13198?

Check the references section above for vendor advisories and patch information. Affected products include: Kyocera Ecosys M5526Cdw Firmware, Kyocera Ecosys M5526Cdw.