Cross-site scripting (XSS)
Source: HP, HP Product Security Response Team (PSRT)
Reported by: Barış Sağdıç (BS Cyber Security Inc.)
A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS).
VULNERABILITY SUMMARY
note:All product versions are impacted prior to the firmware versions listed.
Reference
|
Base vector
|
Base score
|
CVE-2019-6332
|
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
|
5.1
|
Printer name
|
Model number
|
Firmware revision
|
HP DeskJet 2600 All-in-One Printer series
|
4UJ28B
V1N01A - V1N08A
Y5H60A - Y5H80A
|
1923 (or later)
|
HP DeskJet Ink Advantage 2600 All-in-One Printer series
|
V1N02A - V1N02B
Y5Z00A - Y5Z04B
|
1923 (or later)
|
HP DeskJet Ink Advantage 5000 All-in-One Printer series
|
M2U86A - M2U89B
|
003.1925A (or later)
|
HP DeskJet Ink Advantage 5200 All-in-One Printer series
|
M2U76A - M2U78B
|
003.1925A (or later)
|
HP ENVY 5000 All-in-One Printer series
|
M2U85A - M2U85B
M2U91A - M2U94B
Z4A54A - Z4A74A
|
003.1925A (or later)
|
HP ENVY Photo 6200 All-in-One Printer series
|
K7G18A-K7G26B
K7S21B
Y0K13D - Y0K15A
|
003.1925A (or later)
|
HP ENVY Photo 7100 All-in-One Printer series
|
3XD89A
K7G93A-K7G99A
Z3M37A - Z3M52A
|
003.1925A (or later)
|
HP ENVY Photo 7800 All-in-One Printer series
|
K7R96A
K7S00A - K7S10D
Y0G42D - Y0G52B
|
003.1925A (or later)
|
HP Ink Tank Wireless 410 series
|
Z4B53A - Z4B55A
Z6Z95A - Z6Z99A
4DX94A - 4DX95A
4YF79A
Z7A01A
|
1924 (or later)
|
HP OfficeJet 5200 All-in-One Printer series
|
M2U75A
M2U81A-M2U84B
Z4B12A - Z4B14A
Z4B27A - Z4B29A
|
003.1925A (or later)
|
HP Smart Tank Wireless 450 series
|
Z4B56A
Z6Z96A - Z6Z98A
|
1924 (or later)
|
PI
|
HP Printing and Imaging
|
HF
|
HP Hardware and Firmware
|
GN
|
HP General Software
|