Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Bematech MP-4200 TH Printer: Malicious Code Injection Risk
CVE-2019-25356
Summary
If an attacker knows your login credentials, they can inject malicious code into your printer's settings page, allowing them to access sensitive data or take control of your printer. This risk exists because of a flaw in the printer's configuration page. To protect your printer, update to the latest firmware or take other security precautions recommended by the manufacturer.
Original title
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted PO...
Original description
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in the context of an authenticated user's browser session.
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026