Cross-Site Scripting Vulnerability in HP Enterprise LaserJet and OfficeJet Printers
CVE-2017-2743

6.1MEDIUM

Key Information:

Vendor: HP
Status: HP Enterprise Laserjet Printers And Mfps; HP Officejet Enterprise Color Printers And Mfp; HP Pagewide Color Printers And Mps
Vendor: CVE Published:; 23 January 2018

Summary

HP has discovered a security flaw in various models of its Enterprise LaserJet and OfficeJet printers, which can potentially allow attackers to conduct cross-site scripting (XSS) attacks. This vulnerability affects multiple firmware versions, creating a risk for users who have not updated their systems. It is crucial for users to implement the latest firmware updates to mitigate these security risks.

Affected Version(s)

HP Enterprise LaserJet Printers and MFPs; HP OfficeJet Enterprise Color Printers and MFP; HP PageWide Color Printers and MPS 2308214_000901, 2308214_000900, and other firmware versions

References

https://support.hp.com/us-en/document/c05541569

vendor-advisoryx_refsource_HP

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 23, 2018
Vulnerability Reserved
Dec 1, 2016