CVE-2020-10094 [Medium] | XSS in Cs31x Firmware

A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-11-21	0.34%	0.35%	+0.01%
2	2025-11-18	0.35%	0.34%	-0.01%
3	2025-03-17	—	0.35%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-11-21

0.34%

0.35%

+0.01%

2025-11-18

0.35%

0.34%

-0.01%

2025-03-17

—

0.35%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.4	3.1	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:R) A real person has to do something—click, install, enable—otherwise it doesn’t land. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:L) Attackers could change some data, but it’s limited—not everything goes. Availability (A:N) Service keeps running; no real outage angle.	2.3	2.7	[email protected]
3.5	2.0	LOW	`AV:N/AC:M/Au:S/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	6.8	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.4

3.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:R): A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:L): Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N): Service keeps running; no real outage angle.

2.3

2.7

[email protected]

3.5

2.0

LOW

AV:N/AC:M/Au:S/C:N/I:P/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

6.8

2.9

[email protected]

Affected software / configurations for CVE-2020-10094

Vendor	Product	Version	Raw CPE
lexmark	cs31x_firmware	<= lw74.vyl.p272	cpe:2.3:o:lexmark:cs31x_firmware::::::::
lexmark	cs41x_firmware	<= lw74.vy2.p272	cpe:2.3:o:lexmark:cs41x_firmware::::::::
lexmark	cs51x_firmware	<= lw74.vy4.p272	cpe:2.3:o:lexmark:cs51x_firmware::::::::
lexmark	cx310_firmware	<= lw74.gm2.p272	cpe:2.3:o:lexmark:cx310_firmware::::::::
lexmark	cx410_firmware	<= lw74.gm4.p272	cpe:2.3:o:lexmark:cx410_firmware::::::::
lexmark	xc2130_firmware	<= lw74.gm4.p272	cpe:2.3:o:lexmark:xc2130_firmware::::::::
lexmark	cx510_firmware	<= lw74.gm7.p272	cpe:2.3:o:lexmark:cx510_firmware::::::::
lexmark	xc2132_firmware	<= lw74.gm7.p272	cpe:2.3:o:lexmark:xc2132_firmware::::::::
lexmark	ms310_firmware	<= lw74.prl.p272	cpe:2.3:o:lexmark:ms310_firmware::::::::
lexmark	ms312_firmware	<= lw74.prl.p272	cpe:2.3:o:lexmark:ms312_firmware::::::::
lexmark	ms317_firmware	<= lw74.prl.p272	cpe:2.3:o:lexmark:ms317_firmware::::::::
lexmark	ms410_firmware	<= lw74.prl.p272	cpe:2.3:o:lexmark:ms410_firmware::::::::
lexmark	m1140_firmware	<= lw74.prl.p272	cpe:2.3:o:lexmark:m1140_firmware::::::::
lexmark	ms315_firmware	<= lw74.tl2.p272	cpe:2.3:o:lexmark:ms315_firmware::::::::
lexmark	ms415_firmware	<= lw74.tl2.p272	cpe:2.3:o:lexmark:ms415_firmware::::::::
lexmark	ms417_firmware	<= lw74.tl2.p272	cpe:2.3:o:lexmark:ms417_firmware::::::::
lexmark	ms51x_firmware	<= lw74.pr2.p272	cpe:2.3:o:lexmark:ms51x_firmware::::::::
lexmark	ms610dn_firmware	<= lw74.pr2.p272	cpe:2.3:o:lexmark:ms610dn_firmware::::::::
lexmark	ms617_firmware	<= lw74.pr2.p272	cpe:2.3:o:lexmark:ms617_firmware::::::::
lexmark	m1145_firmware	<= lw74.pr2.p272	cpe:2.3:o:lexmark:m1145_firmware::::::::
lexmark	m3150dn_firmware	<= lw74.pr2.p272	cpe:2.3:o:lexmark:m3150dn_firmware::::::::
lexmark	ms610de_firmware	<= lw74.pr4.p272	cpe:2.3:o:lexmark:ms610de_firmware::::::::
lexmark	m3150_firmware	<= lw74.pr4.p272	cpe:2.3:o:lexmark:m3150_firmware::::::::
lexmark	ms71x_firmware	<= lw74.dn2.p272	cpe:2.3:o:lexmark:ms71x_firmware::::::::
lexmark	m5163dn_firmware	<= lw74.dn2.p272	cpe:2.3:o:lexmark:m5163dn_firmware::::::::
lexmark	ms810_firmware	<= lw74.dn2.p272	cpe:2.3:o:lexmark:ms810_firmware::::::::
lexmark	ms811_firmware	<= lw74.dn2.p272	cpe:2.3:o:lexmark:ms811_firmware::::::::
lexmark	ms812_firmware	<= lw74.dn2.p272	cpe:2.3:o:lexmark:ms812_firmware::::::::
lexmark	ms817_firmware	<= lw74.dn2.p272	cpe:2.3:o:lexmark:ms817_firmware::::::::
lexmark	ms818_firmware	<= lw74.dn2.p272	cpe:2.3:o:lexmark:ms818_firmware::::::::
lexmark	ms810de_firmware	<= lw74.dn4.p272	cpe:2.3:o:lexmark:ms810de_firmware::::::::
lexmark	m5155_firmware	<= lw74.dn4.p272	cpe:2.3:o:lexmark:m5155_firmware::::::::
lexmark	m5163_firmware	<= lw74.dn4.p272	cpe:2.3:o:lexmark:m5163_firmware::::::::
lexmark	ms812de_firmware	<= lw74.dn7.p272	cpe:2.3:o:lexmark:ms812de_firmware::::::::
lexmark	m5170_firmware	<= lw74.dn7.p272	cpe:2.3:o:lexmark:m5170_firmware::::::::
lexmark	ms91x_firmware	<= lw74.sa.p272	cpe:2.3:o:lexmark:ms91x_firmware::::::::
lexmark	mx31x_firmware	<= lw74.sb2.p272	cpe:2.3:o:lexmark:mx31x_firmware::::::::
lexmark	xm1135_firmware	<= lw74.sb2.p272	cpe:2.3:o:lexmark:xm1135_firmware::::::::
lexmark	mx410_firmware	<= lw74.sb4.p272	cpe:2.3:o:lexmark:mx410_firmware::::::::
lexmark	mx510_firmware	<= lw74.sb4.p272	cpe:2.3:o:lexmark:mx510_firmware::::::::
lexmark	mx511_firmware	<= lw74.sb4.p272	cpe:2.3:o:lexmark:mx511_firmware::::::::
lexmark	xm1140_firmware	<= lw74.sb4.p272	cpe:2.3:o:lexmark:xm1140_firmware::::::::
lexmark	xm1145_firmware	<= lw74.sb4.p272	cpe:2.3:o:lexmark:xm1145_firmware::::::::
lexmark	mx610_firmware	<= lw74.sb7.p272	cpe:2.3:o:lexmark:mx610_firmware::::::::
lexmark	mx611_firmware	<= lw74.sb7.p272	cpe:2.3:o:lexmark:mx611_firmware::::::::
lexmark	xm3150_firmware	<= lw74.sb7.p272	cpe:2.3:o:lexmark:xm3150_firmware::::::::
lexmark	mx71x_firmware	<= lw74.tu.p272	cpe:2.3:o:lexmark:mx71x_firmware::::::::
lexmark	mx81x_firmware	<= lw74.tu.p272	cpe:2.3:o:lexmark:mx81x_firmware::::::::
lexmark	xm51xx_firmware	<= lw74.tu.p272	cpe:2.3:o:lexmark:xm51xx_firmware::::::::
lexmark	xm71xx_firmware	<= lw74.tu.p272	cpe:2.3:o:lexmark:xm71xx_firmware::::::::
lexmark	mx91x_firmware	<= lw74.mg.p272	cpe:2.3:o:lexmark:mx91x_firmware::::::::
lexmark	xm91x_firmware	<= lw74.mg.p272	cpe:2.3:o:lexmark:xm91x_firmware::::::::
lexmark	mx6500e_firmware	<= lw74.jd.p272	cpe:2.3:o:lexmark:mx6500e_firmware::::::::
lexmark	c746_firmware	<= lhs60.cm2.p737	cpe:2.3:o:lexmark:c746_firmware::::::::
lexmark	c748_firmware	<= lhs60.cm4.p737	cpe:2.3:o:lexmark:c748_firmware::::::::
lexmark	cs748_firmware	<= lhs60.cm4.p737	cpe:2.3:o:lexmark:cs748_firmware::::::::
lexmark	c792_firmware	<= lhs60.hc.p737	cpe:2.3:o:lexmark:c792_firmware::::::::
lexmark	cs796_firmware	<= lhs60.hc.p737	cpe:2.3:o:lexmark:cs796_firmware::::::::
lexmark	c925_firmware	<= lhs60.hv.p737	cpe:2.3:o:lexmark:c925_firmware::::::::
lexmark	c950_firmware	<= lhs60.tp.p737	cpe:2.3:o:lexmark:c950_firmware::::::::
lexmark	x548_firmware	<= lhs60.vk.p737	cpe:2.3:o:lexmark:x548_firmware::::::::
lexmark	xs548_firmware	<= lhs60.vk.p737	cpe:2.3:o:lexmark:xs548_firmware::::::::
lexmark	x74x_firmware	<= lhs60.ny.p737	cpe:2.3:o:lexmark:x74x_firmware::::::::
lexmark	xs748_firmware	<= lhs60.ny.p737	cpe:2.3:o:lexmark:xs748_firmware::::::::
lexmark	x792_firmware	<= lhs60.mr.p737	cpe:2.3:o:lexmark:x792_firmware::::::::
lexmark	xs79x_firmware	<= lhs60.mr.p737	cpe:2.3:o:lexmark:xs79x_firmware::::::::
lexmark	x925_firmware	<= lhs60.hk.p737	cpe:2.3:o:lexmark:x925_firmware::::::::
lexmark	xs925_firmware	<= lhs60.hk.p737	cpe:2.3:o:lexmark:xs925_firmware::::::::
lexmark	x95x_firmware	<= lhs60.tq.p737	cpe:2.3:o:lexmark:x95x_firmware::::::::
lexmark	xs95x_firmware	<= lhs60.tq.p737	cpe:2.3:o:lexmark:xs95x_firmware::::::::
lexmark	6500e_firmware	<= lhs60.jr.p737	cpe:2.3:o:lexmark:6500e_firmware::::::::
lexmark	c734_firmware	<= lr.sk.p824	cpe:2.3:o:lexmark:c734_firmware::::::::
lexmark	c736_firmware	<= lr.ske.p824	cpe:2.3:o:lexmark:c736_firmware::::::::
lexmark	e46x_firmware	<= lr.lbh.p824	cpe:2.3:o:lexmark:e46x_firmware::::::::
lexmark	t65x_firmware	<= lr.jp.p824	cpe:2.3:o:lexmark:t65x_firmware::::::::
lexmark	x46x_firmware	<= lr.bs.p824	cpe:2.3:o:lexmark:x46x_firmware::::::::
lexmark	x65x_firmware	<= lr.mn.p824	cpe:2.3:o:lexmark:x65x_firmware::::::::
lexmark	x73x_firmware	<= lr.fl.p824	cpe:2.3:o:lexmark:x73x_firmware::::::::
lexmark	w850_firmware	<= lp.jb.p823	cpe:2.3:o:lexmark:w850_firmware::::::::
lexmark	x86x_firmware	<= lp.sp.p823	cpe:2.3:o:lexmark:x86x_firmware::::::::

References for CVE-2020-10094

URL	Tags
http://support.lexmark.com/index?page=content&id=TE936	Vendor Advisory

URL

CVE-2020-10094

Exploit prediction scoring system (EPSS) score for CVE-2020-10094

Common vulnerability scoring system (CVSS) metrics for CVE-2020-10094

Weakness enumeration for CVE-2020-10094

Affected software / configurations for CVE-2020-10094

References for CVE-2020-10094