Cross-Site Scripting Vulnerability in HP InkJet Printers
CVE-2019-6332

4.8MEDIUM

Key Information:

Vendor: HP
Status: HP Deskjet 2600 All-in-one Printer Series; HP Deskjet Ink Advantage 2600 All-in-one Printer Series; HP Deskjet Ink Advantage 5000 All-in-one Printer Series; HP Deskjet Ink Advantage 5200 All-in-one Printer Series
Vendor: CVE Published:; 9 January 2020

What is CVE-2019-6332?

A potential security weakness has been found in multiple HP InkJet printer models, which could allow an attacker to execute scripts in the context of the user’s browser through cross-site scripting (XSS). This vulnerability impacts several series, including HP DeskJet and ENVY models, creating a risk of unauthorized access to sensitive information. Users are advised to update their printer firmware to mitigate this risk and ensure their devices are secure.

Affected Version(s)

HP DeskJet 2600 All-in-One Printer series 4UJ28B

HP DeskJet 2600 All-in-One Printer series V1N01A - V1N08A

HP DeskJet 2600 All-in-One Printer series Y5H60A - Y5H80A

References

https://support.hp.com/in-en/document/c06428029

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2020
Vulnerability Reserved
Jan 15, 2019

CVE-2019-6332 Data

JSON