Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.

Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.

In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.

Various Lexmark products have a Buffer Overflow (issue 3 of 3).

Various Lexmark products have an Integer Overflow.

Various Lexmark products have CSRF.

Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.