CVE-2022-48311

Published: Feb 6, 2023Modified: Mar 26, 2025

9.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: NVD

Description

**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected (1)

Products: Hp: Deskjet 2540 A9u23b Firmware

1 product

Deskjet 2540 A9u23b Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Deskjet 2540 A9u23b Firmware	Version cep1fn1418br

Running on/with	Platform Versions
Hp Deskjet 2540 A9u23b	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/swzhouu/CVE-2022-48311

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/swzhouu/CVE-2022-48311

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.