CVE-2019-6323

Published: Jun 17, 2019Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page.

Affected (10)

Products: Hp: T6b80a Firmware, T6b83a Firmware, T6b81a Firmware, T6b82a Firmware, W2g54a Firmware, W2g55a Firmware, Y5s53a Firmware, Y5s55a Firmware, Y5s50a Firmware, Y5s54a Firmware

10 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp T6b80a Firmware	Before 2019-04-19

Running on/with	Platform Versions
Hp T6b80a	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp T6b83a Firmware	Before 2019-04-19

Running on/with	Platform Versions
Hp T6b83a	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp T6b81a Firmware	Before 2019-04-19

Running on/with	Platform Versions
Hp T6b81a	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp T6b82a Firmware	Before 2019-04-19

Running on/with	Platform Versions
Hp T6b82a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp W2g54a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp W2g54a	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp W2g55a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp W2g55a	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y5s53a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp Y5s53a	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y5s55a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp Y5s55a	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y5s50a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp Y5s50a	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y5s54a Firmware	Before 2019-04-26

Running on/with	Platform Versions
Hp Y5s54a	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.hp.com/us-en/document/c06356322

Source: hp-security-alert@hp.com

Vendor Advisory

https://support.hp.com/us-en/document/c06356322

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.