HP LaserJet Pro Devices Vulnerable to XSS Attack via Web Management Interface
CVE-2024-2301

7.6HIGH

Key Information:

Vendor: HP
Status: Certain HP Laserjet Pro Devices
Vendor: CVE Published:; 23 May 2024

What is CVE-2024-2301?

Certain HP LaserJet Pro devices are at risk of Cross-Site Scripting (XSS) attacks through their web management interfaces. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users. An unauthenticated attacker could exploit this issue, potentially leading to unauthorized actions being performed on behalf of unsuspecting users. It is crucial for administrators to ensure their devices are updated and appropriately secured to mitigate this risk.

Affected Version(s)

Certain HP LaserJet Pro Devices See HP Security Bulletin reference for affected versions.

References

https://support.hp.com/us-en/document/ish_10617756-106177...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2024