CVE-2019-25356

MEDIUM 6.1

Bematech Printer MP-4200 TH Cross-Site Scripting

CVSS Score

6.1

EPSS Score

0.0%

EPSS Percentile

0th

Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in the context of an authenticated user's browser session.

CWE	CWE-79
Vendor	bematech
Product	mp-4200
Published	Feb 18, 2026
Last Updated	Feb 19, 2026

Stay Ahead of the Next One

Get instant alerts for bematech mp-4200

Be the first to know when new medium vulnerabilities affecting bematech mp-4200 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Bematech / MP-4200

MP-4200 TH

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47648 web.archive.org: https://web.archive.org/web/20180814065516/https://www.bematech.com.br/ legacyglobal.com: https://www.legacyglobal.com/products/bematech-formerly-logic-controls-mp-4200-thermal-receipt-printer/?srsltid=AfmBOor3LXakwJp10bE_8n8YIBKrFPFGFc5DKrxdMGChGQ-Y24i8MVQa vulncheck.com: https://www.vulncheck.com/advisories/bematech-printer-mp-th-cross-site-scripting

Credits

Jonatas Fil