CVE-2019-25356
Bematech Printer MP-4200 TH Cross-Site Scripting
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in the context of an authenticated user's browser session.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Productos afectados
Bematech · MP-4200 TH¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://web.archive.org/web/20180814065516/https://www.bematech.com.br/https://www.exploit-db.com/exploits/47648https://www.legacyglobal.com/products/bematech-formerly-logic-controls-mp-4200-thermal-receipt-printer/?srsltid=AfmBOor3LXakwJp10bE_8n8YIBKrFPFGFc5DKrxdMGChGQ-Y24i8MVQahttps://www.vulncheck.com/advisories/bematech-printer-mp-th-cross-site-scripting