Stored XSS Vulnerability in HP Color LaserJet and LaserJet Pro MFP Series
CVE-2019-6324
4.8MEDIUM
Key Information:
- Vendor
HP
- Vendor
- CVE Published:
- 17 June 2019
What is CVE-2019-6324?
The HP Color LaserJet Pro M280-M281 and HP LaserJet Pro MFP M28-M31 series have an embedded web server that may allow attackers to perform stored Cross-Site Scripting (XSS) attacks through the wireless configuration page. This vulnerability poses a risk of unauthorized access and malicious data being executed on the user's system when visiting the affected web interface.
Affected Version(s)
HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series before 20190419
HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series before 20190426