CVE-2019-25356
Bematech Printer MP-4200 TH Cross-Site Scripting
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in the context of an authenticated user's browser session.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Bematech · MP-4200 THQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://web.archive.org/web/20180814065516/https://www.bematech.com.br/https://www.exploit-db.com/exploits/47648https://www.legacyglobal.com/products/bematech-formerly-logic-controls-mp-4200-thermal-receipt-printer/?srsltid=AfmBOor3LXakwJp10bE_8n8YIBKrFPFGFc5DKrxdMGChGQ-Y24i8MVQahttps://www.vulncheck.com/advisories/bematech-printer-mp-th-cross-site-scripting