Cross-Site Scripting Vulnerability in HP InkJet Printers
CVE-2019-6332

4.8MEDIUM

Key Information:

Vendor: HP
Status: HP Deskjet 2600 All-in-one Printer Series; HP Deskjet Ink Advantage 2600 All-in-one Printer Series; HP Deskjet Ink Advantage 5000 All-in-one Printer Series; HP Deskjet Ink Advantage 5200 All-in-one Printer Series
Vendor: CVE Published:; 9 January 2020

What is CVE-2019-6332?

A potential security weakness has been found in multiple HP InkJet printer models, which could allow an attacker to execute scripts in the context of the user’s browser through cross-site scripting (XSS). This vulnerability impacts several series, including HP DeskJet and ENVY models, creating a risk of unauthorized access to sensitive information. Users are advised to update their printer firmware to mitigate this risk and ensure their devices are secure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

HP DeskJet 2600 All-in-One Printer series 4UJ28B

HP DeskJet 2600 All-in-One Printer series V1N01A - V1N08A

HP DeskJet 2600 All-in-One Printer series Y5H60A - Y5H80A

References

https://support.hp.com/in-en/document/c06428029

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 9, 2020
Vulnerability Reserved
Jan 15, 2019

JSON

HP