CVE-2019-25356

MEDIUM

Bematech MP-4200 TH - Stored Cross-Site Scripting via Admin Configuration Page Parameters


Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25356. PoCs published by Jonatas Fil.

AI-analyzed exploit summary: The exploit demonstrates a Denial of Service (DoS) and Cross-Site Scripting (XSS) vulnerability in the Bematech Printer MP-4200 TH by sending malformed POST requests to the admin configuration page. The DoS is triggered by sending overly long input values, while the XSS is achieved via script injection in the 'admin' and 'person' parameters.

Description

The Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in its admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in the context of an authenticated user's browser session.

Exploits (1)

exploitdb WORKING POC
by Jonatas Fil · textdoshardware
https://www.exploit-db.com/exploits/47648


Classification
Working PoC 90%
Attack Type
DoS | XSS
Complexity
Trivial
Reliability
Reliable
Target: Bematech Printer MP-4200 TH
No auth needed
Prerequisites: Network access to the target printer's web interface
Analyzed by devstral-2 on Feb 19, 2026

Scores

CVSS v3 6.1
EPSS 0.0028
EPSS Percentile 19.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
Bematech/MP-4200 MP-4200 TH
Bematech/MP-4200 TH
Published Feb 18, 2026
Tracked Since Feb 19, 2026