Cross-Site Scripting Vulnerability in HP Printers and Multifunction Devices
CVE-2019-18914

6.1MEDIUM

Key Information:

Vendor: HP
Status: HP Color Laserjet Managed Printers, HP Color Laserjet Enterprise Printers
Vendor: CVE Published:; 9 November 2021

Summary

A security vulnerability has been identified that affects certain HP printers and multifunction devices, allowing an attacker to execute Cross-Site Scripting (XSS) attacks. This can occur when a user clicks on a third-party malicious link, potentially leading to undesired actions performed within the client's browser. This vulnerability highlights significant security concerns for users of affected HP printing devices.

Affected Version(s)

HP Color LaserJet Managed Printers, HP Color LaserJet Enterprise Printers before FS3: 2309025_582081

HP Color LaserJet Managed Printers, HP Color LaserJet Enterprise Printers before FS3: 2309025_582082

HP Color LaserJet Managed Printers, HP Color LaserJet Enterprise Printers before FS3: 2309025_582083

References

https://support.hp.com/us-en/document/c06546034

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2021
Vulnerability Reserved
Nov 12, 2019