Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.
x46x
CVE-2019-19773
Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.
CVE-2019-18791
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.
CVE-2019-10058
Various Lexmark products have Incorrect Access Control.
CVE-2019-10059
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.
CVE-2021-44737
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.