Vulnerability-Lookup

CVE-2019-6324 (GCVE-0-2019-6324)

Vulnerability from cvelistv5 – Published: 2019-06-17 15:55 – Updated: 2024-08-04 20:16

Summary

Severity

4.8 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

Stored XSS.

Assigner

References

1 reference

URL	Tags
https://support.hp.com/us-en/document/c06356322	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series	Affected: before 20190419 Affected: before 20190426

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:24.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/c06356322"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before 20190419"
            },
            {
              "status": "affected",
              "version": "before 20190426"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored XSS.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-17T15:55:14.000Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hp.com/us-en/document/c06356322"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2019-6324",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 20190419"
                          },
                          {
                            "version_value": "before 20190426"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored XSS."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hp.com/us-en/document/c06356322",
              "refsource": "MISC",
              "url": "https://support.hp.com/us-en/document/c06356322"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2019-6324",
    "datePublished": "2019-06-17T15:55:14.000Z",
    "dateReserved": "2019-01-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:16:24.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-6324",
      "date": "2026-06-30",
      "epss": "0.00701",
      "percentile": "0.48562"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-6324\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2019-06-17T16:15:12.623\",\"lastModified\":\"2024-11-21T04:46:24.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page\"},{\"lang\":\"es\",\"value\":\"La serie de impresoras multifunci\u00f3n HP Color LaserJet Pro M280-M281 (anterior v. 20190419), la serie de impresoras HP LaserJet Pro MFP M28-M31 (anterior v. 20190426) puede tener un servidor web incorporado potencialmente vulnerable a XSS almacenado en la p\u00e1gina de configuraci\u00f3n inal\u00e1mbrica\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:t6b80a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-19\",\"matchCriteriaId\":\"DBA7A789-DFED-4CA8-ADBD-E9992BC22A89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:t6b80a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B68B7D89-D81D-441D-9CCC-02CA70D0DC3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:t6b83a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-19\",\"matchCriteriaId\":\"9BEF4C86-D8B1-4CEE-A870-C57AB3DD2EEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:t6b83a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3661A94-A825-4F35-AC91-1F68C77B9907\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:t6b81a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-19\",\"matchCriteriaId\":\"1EFBC629-0E32-4AA7-9E40-7349EA9E194D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:t6b81a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37DB32AD-7388-487B-92F1-19F092A9BC2B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:t6b82a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-19\",\"matchCriteriaId\":\"BAE3C3B8-37E2-4B12-82E5-E8D3046A9A88\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:t6b82a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B358513-72B0-4FED-B063-744B76F9C1B0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:w2g54a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-26\",\"matchCriteriaId\":\"3223FEB5-1487-436F-8107-E125A4AD6D56\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:w2g54a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31575D91-4914-41A9-9466-E93020A84241\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:w2g55a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-26\",\"matchCriteriaId\":\"80A9A7E2-9BC4-4E80-A6F0-B05741123642\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:w2g55a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59F4DC8D-ECDA-4575-A106-B68298A0BB5C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:y5s53a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-26\",\"matchCriteriaId\":\"6D2970D1-A37B-49D9-A8FC-8D43A7B78C63\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:y5s53a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59D2252D-64AB-4D6A-A655-76B6B092A8D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:y5s55a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-26\",\"matchCriteriaId\":\"4F151694-8818-413E-BBFA-DC0D4E94F4E9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:y5s55a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E727276-F0AF-47F6-9D58-393EFD4ED6F2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:y5s50a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-26\",\"matchCriteriaId\":\"11184C84-1740-47B0-B412-09E7122710A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:y5s50a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB990FE3-281B-4E72-98AC-A045F1F27E54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:y5s54a_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-04-26\",\"matchCriteriaId\":\"3FBBE624-D748-40C4-AEF7-03A731FC954C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:y5s54a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEBB0EEA-61D0-4FE6-91EA-7671ABD7776D\"}]}]}],\"references\":[{\"url\":\"https://support.hp.com/us-en/document/c06356322\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hp.com/us-en/document/c06356322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

BDU:2019-02820

Vulnerability from fstec - Published: 31.05.2019

Title

Уязвимость микропрограммного обеспечения принтеров HP Color LaserJet Pro и HP LaserJet Pro, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Description

Уязвимость микропрограммного обеспечения принтеров HP Color LaserJet Pro и HP LaserJet Pro существует из-за непринятия мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность и целостность защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Vendor

HP Inc.

Software Name

HP Color LaserJet Pro T6B83A, HP Color LaserJet Pro T6B81A, HP Color LaserJet Pro T6B82A, HP LaserJet Pro MFP W2G54A, HP LaserJet Pro MFP W2G55A, HP LaserJet Pro MFP Y5S50A, HP LaserJet Pro MFP Y5S53A, HP LaserJet Pro MFP Y5S54A, HP LaserJet Pro MFP Y5S55A

Software Version

до 20190419 (HP Color LaserJet Pro T6B83A), до 20190419 (HP Color LaserJet Pro T6B81A), до 20190419 (HP Color LaserJet Pro T6B82A), до 20190426 (HP LaserJet Pro MFP W2G54A), до 20190426 (HP LaserJet Pro MFP W2G55A), до 20190426 (HP LaserJet Pro MFP Y5S50A), до 20190426 (HP LaserJet Pro MFP Y5S53A), до 20190426 (HP LaserJet Pro MFP Y5S54A), до 20190426 (HP LaserJet Pro MFP Y5S55A)

Possible Mitigations

Использование рекомендаций производителя, доступных по адресу: https://support.hp.com/us-en/document/c06356322

Reference

https://support.hp.com/us-en/document/c06356322 https://nvd.nist.gov/vuln/detail/CVE-2019-6324

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "HP Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 20190419 (HP Color LaserJet Pro T6B83A), \u0434\u043e 20190419 (HP Color LaserJet Pro T6B81A), \u0434\u043e 20190419 (HP Color LaserJet Pro T6B82A), \u0434\u043e 20190426 (HP LaserJet Pro MFP W2G54A), \u0434\u043e 20190426 (HP LaserJet Pro MFP W2G55A), \u0434\u043e 20190426 (HP LaserJet Pro MFP Y5S50A), \u0434\u043e 20190426 (HP LaserJet Pro MFP Y5S53A), \u0434\u043e 20190426 (HP LaserJet Pro MFP Y5S54A), \u0434\u043e 20190426 (HP LaserJet Pro MFP Y5S55A)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443:\nhttps://support.hp.com/us-en/document/c06356322",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.05.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "08.08.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02820",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-6324",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "HP Color LaserJet Pro T6B83A, HP Color LaserJet Pro T6B81A, HP Color LaserJet Pro T6B82A, HP LaserJet Pro MFP W2G54A, HP LaserJet Pro MFP W2G55A, HP LaserJet Pro MFP Y5S50A, HP LaserJet Pro MFP Y5S53A, HP LaserJet Pro MFP Y5S54A, HP LaserJet Pro MFP Y5S55A",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u043e\u0432 HP Color LaserJet Pro \u0438 HP LaserJet Pro, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u043e\u0432 HP Color LaserJet Pro \u0438 HP LaserJet Pro \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.hp.com/us-en/document/c06356322\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6324",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

CNVD-2019-23315

Vulnerability from cnvd - Published: 2019-07-18

Title

HP Color LaserJet Pro M280-M281 Multifunction Printer series和HP LaserJet Pro MFP M28-M31 Printer series跨站脚本漏洞（CNVD-2019-23315）

Description

HP Color LaserJet Pro M280-M281 Multifunction Printer series和HP LaserJet Pro MFP M28-M31 Printer series 都是惠普(HP)推出的打印机产品。 HP Color LaserJet Pro M280-M281 Multifunction Printer series 20190419之前版本和HP LaserJet Pro MFP M28-M31 Printer series 20190426之前版本中的无线配置页面存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Severity

低

Patch Name

HP Color LaserJet Pro M280-M281 Multifunction Printer series和HP LaserJet Pro MFP M28-M31 Printer series跨站脚本漏洞（CNVD-2019-23315）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.hp.com/us-en/document/c06356322

Reference

https://support.hp.com/us-en/document/c06356322

Impacted products

Name
['HP HP Color LaserJet Pro MM Multifunction Printer series <20190419', 'HP HP LaserJet Pro MFP MM Printer series WEB <20190426']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6324",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6324"
    }
  },
  "description": "HP Color LaserJet Pro M280-M281 Multifunction Printer series\u548cHP LaserJet Pro MFP M28-M31 Printer series \u90fd\u662f\u60e0\u666e(HP)\u63a8\u51fa\u7684\u6253\u5370\u673a\u4ea7\u54c1\u3002\n\nHP Color LaserJet Pro M280-M281 Multifunction Printer series 20190419\u4e4b\u524d\u7248\u672c\u548cHP LaserJet Pro MFP M28-M31 Printer series 20190426\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u65e0\u7ebf\u914d\u7f6e\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
  "discovererName": "Mario Rivas and Daniel Romero",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.hp.com/us-en/document/c06356322",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-23315",
  "openTime": "2019-07-18",
  "patchDescription": "HP Color LaserJet Pro M280-M281 Multifunction Printer series\u548cHP LaserJet Pro MFP M28-M31 Printer series \u90fd\u662f\u60e0\u666e(HP)\u63a8\u51fa\u7684\u6253\u5370\u673a\u4ea7\u54c1\u3002\r\n\r\nHP Color LaserJet Pro M280-M281 Multifunction Printer series 20190419\u4e4b\u524d\u7248\u672c\u548cHP LaserJet Pro MFP M28-M31 Printer series 20190426\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u65e0\u7ebf\u914d\u7f6e\u9875\u9762\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HP Color LaserJet Pro M280-M281 Multifunction Printer series\u548cHP LaserJet Pro MFP M28-M31 Printer series\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2019-23315\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP HP Color LaserJet Pro MM Multifunction Printer series  \u003c20190419",
      "HP HP LaserJet Pro MFP MM Printer series WEB \u003c20190426"
    ]
  },
  "referenceLink": "https://support.hp.com/us-en/document/c06356322",
  "serverity": "\u4f4e",
  "submitTime": "2019-06-28",
  "title": "HP Color LaserJet Pro M280-M281 Multifunction Printer series\u548cHP LaserJet Pro MFP M28-M31 Printer series\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2019-23315\uff09"
}

FKIE_CVE-2019-6324

Vulnerability from fkie_nvd - Published: 2019-06-17 16:15 - Updated: 2026-06-17 02:38

Severity

4.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	hp-security-alert@hp.com	https://support.hp.com/us-en/document/c06356322	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.hp.com/us-en/document/c06356322	Vendor Advisory

Impacted products

Vendor	Product	Version
hp	t6b80a_firmware	*
hp	t6b80a	-
hp	t6b83a_firmware	*
hp	t6b83a	-
hp	t6b81a_firmware	*
hp	t6b81a	-
hp	t6b82a_firmware	*
hp	t6b82a	-
hp	w2g54a_firmware	*
hp	w2g54a	-
hp	w2g55a_firmware	*
hp	w2g55a	-
hp	y5s53a_firmware	*
hp	y5s53a	-
hp	y5s55a_firmware	*
hp	y5s55a	-
hp	y5s50a_firmware	*
hp	y5s50a	-
hp	y5s54a_firmware	*
hp	y5s54a	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before 20190419"
            },
            {
              "status": "affected",
              "version": "before 20190426"
            }
          ]
        }
      ],
      "source": "hp-security-alert@hp.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:t6b80a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA7A789-DFED-4CA8-ADBD-E9992BC22A89",
              "versionEndExcluding": "2019-04-19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:t6b80a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B68B7D89-D81D-441D-9CCC-02CA70D0DC3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:t6b83a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BEF4C86-D8B1-4CEE-A870-C57AB3DD2EEF",
              "versionEndExcluding": "2019-04-19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:t6b83a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3661A94-A825-4F35-AC91-1F68C77B9907",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:t6b81a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFBC629-0E32-4AA7-9E40-7349EA9E194D",
              "versionEndExcluding": "2019-04-19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:t6b81a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37DB32AD-7388-487B-92F1-19F092A9BC2B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:t6b82a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAE3C3B8-37E2-4B12-82E5-E8D3046A9A88",
              "versionEndExcluding": "2019-04-19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:t6b82a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B358513-72B0-4FED-B063-744B76F9C1B0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:w2g54a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3223FEB5-1487-436F-8107-E125A4AD6D56",
              "versionEndExcluding": "2019-04-26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:w2g54a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31575D91-4914-41A9-9466-E93020A84241",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:w2g55a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A9A7E2-9BC4-4E80-A6F0-B05741123642",
              "versionEndExcluding": "2019-04-26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:w2g55a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F4DC8D-ECDA-4575-A106-B68298A0BB5C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:y5s53a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D2970D1-A37B-49D9-A8FC-8D43A7B78C63",
              "versionEndExcluding": "2019-04-26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:y5s53a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D2252D-64AB-4D6A-A655-76B6B092A8D5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:y5s55a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F151694-8818-413E-BBFA-DC0D4E94F4E9",
              "versionEndExcluding": "2019-04-26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:y5s55a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E727276-F0AF-47F6-9D58-393EFD4ED6F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:y5s50a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11184C84-1740-47B0-B412-09E7122710A8",
              "versionEndExcluding": "2019-04-26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:y5s50a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB990FE3-281B-4E72-98AC-A045F1F27E54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:y5s54a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FBBE624-D748-40C4-AEF7-03A731FC954C",
              "versionEndExcluding": "2019-04-26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:y5s54a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBB0EEA-61D0-4FE6-91EA-7671ABD7776D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page"
    },
    {
      "lang": "es",
      "value": "La serie de impresoras multifunci\u00f3n HP Color LaserJet Pro M280-M281 (anterior v. 20190419), la serie de impresoras HP LaserJet Pro MFP M28-M31 (anterior v. 20190426) puede tener un servidor web incorporado potencialmente vulnerable a XSS almacenado en la p\u00e1gina de configuraci\u00f3n inal\u00e1mbrica"
    }
  ],
  "id": "CVE-2019-6324",
  "lastModified": "2026-06-17T02:38:59.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-17T16:15:12.623",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hp.com/us-en/document/c06356322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hp.com/us-en/document/c06356322"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-5PR5-45Q6-7GJG

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2024-04-04 00:58

Details

Severity

4.8 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-17T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page",
  "id": "GHSA-5pr5-45q6-7gjg",
  "modified": "2024-04-04T00:58:34Z",
  "published": "2022-05-24T16:48:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6324"
    },
    {
      "type": "WEB",
      "url": "https://support.hp.com/us-en/document/c06356322"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-6324

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-6324

Aliases

CVE-2019-6324

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6324",
    "description": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page",
    "id": "GSD-2019-6324"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6324"
      ],
      "details": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page",
      "id": "GSD-2019-6324",
      "modified": "2023-12-13T01:23:49.439649Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "hp-security-alert@hp.com",
        "ID": "CVE-2019-6324",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before 20190419"
                        },
                        {
                          "version_value": "before 20190426"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Stored XSS."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hp.com/us-en/document/c06356322",
            "refsource": "MISC",
            "url": "https://support.hp.com/us-en/document/c06356322"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:t6b80a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-19",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:t6b80a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:t6b83a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-19",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:t6b83a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:t6b81a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-19",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:t6b81a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:t6b82a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-19",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:t6b82a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:w2g54a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-26",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:w2g54a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:w2g55a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-26",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:w2g55a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:y5s53a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-26",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:y5s53a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:y5s55a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-26",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:y5s55a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:y5s50a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-26",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:y5s50a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:y5s54a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2019-04-26",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:y5s54a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2019-6324"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hp.com/us-en/document/c06356322",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.hp.com/us-en/document/c06356322"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.7,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-06-18T18:06Z",
      "publishedDate": "2019-06-17T16:15Z"
    }
  }
}

VAR-201906-0399

Vulnerability from variot - Updated: 2024-11-23 22:06

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A cross-site scripting vulnerability exists in the wireless configuration page in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and earlier versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code. A cross-site scripting vulnerability 2. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. Multiple buffer-overflow vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0399",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "y5s53a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-26"
      },
      {
        "model": "t6b80a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-19"
      },
      {
        "model": "y5s55a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-26"
      },
      {
        "model": "w2g54a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-26"
      },
      {
        "model": "t6b82a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-19"
      },
      {
        "model": "y5s54a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-26"
      },
      {
        "model": "w2g55a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-26"
      },
      {
        "model": "t6b81a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-19"
      },
      {
        "model": "t6b83a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-19"
      },
      {
        "model": "y5s50a",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2019-04-26"
      },
      {
        "model": "t6b80a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "t6b81a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "t6b82a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "t6b83a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "w2g54a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "w2g55a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "y5s50a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "y5s53a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "y5s54a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "y5s55a",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "color laserjet pro mm multifunction printer series",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "hp",
        "version": "20190419"
      },
      {
        "model": "laserjet pro mfp mm printer series web",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "laserjet pro mfp m28-m31 printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet pro m280-m281 multifunction printer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet pro mfp m28-m31 printer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20190426"
      },
      {
        "model": "color laserjet pro m280-m281 multifunction printer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20190419"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6324"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:hp:t6b80a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:t6b81a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:t6b82a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:t6b83a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:w2g54a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:w2g55a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:y5s50a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:y5s53a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:y5s54a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:y5s55a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mario Rivas and Daniel Romero, NCC Group",
    "sources": [
      {
        "db": "BID",
        "id": "108828"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-6324",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2019-6324",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2019-23315",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.7,
            "id": "CVE-2019-6324",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6324",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6324",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-23315",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-650",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6324",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6324"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page. HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries are HP (HP) printer products. A cross-site scripting vulnerability exists in the wireless configuration page in versions prior to HPColorLaserJetProM280-M281MultifunctionPrinterseries20190419 and earlier versions of HPLaserJetProMFPM28-M31Printerseries20190426. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code. A cross-site scripting vulnerability\n2. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. Multiple buffer-overflow vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, execute arbitrary code within the context o f the affected device",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6324"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6324",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-650",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "108828",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6324"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6324"
      }
    ]
  },
  "id": "VAR-201906-0399",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:06:10.751000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "c06356322",
        "trust": 0.8,
        "url": "https://support.hp.com/us-en/document/c06356322"
      },
      {
        "title": "Patch for HPColorLaserJetProM280-M281MultifunctionPrinterseries and HPLaserJetProMFPM28-M31Printerseries Cross-Site Scripting Vulnerability (CNVD-2019-23315)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/169509"
      },
      {
        "title": "HP Color LaserJet Pro M280-M281 Multifunction Printer series  and HP LaserJet Pro MFP M28-M31 Printer series Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93859"
      },
      {
        "title": "HP: HPSBPI03619 rev. 1 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03619"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ba64aca578c0d92038b9ebc28339506c"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03619 rev. 2 - Certain HP LaserJet Pro and MFP Printers, Multiple Potential Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=cdb96be2e472163f1a304e2ae979d5f4"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-650"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6324"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://support.hp.com/us-en/document/c06356322"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6324"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6324"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/hp-laserjet-pro-five-vulnerabilities-29557"
      },
      {
        "trust": 0.3,
        "url": "www.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/office-printers-hackers-open-door/147083/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6324"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6324"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6324"
      },
      {
        "db": "BID",
        "id": "108828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-650"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6324"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      },
      {
        "date": "2019-06-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6324"
      },
      {
        "date": "2019-05-31T00:00:00",
        "db": "BID",
        "id": "108828"
      },
      {
        "date": "2019-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "date": "2019-06-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-650"
      },
      {
        "date": "2019-06-17T16:15:12.623000",
        "db": "NVD",
        "id": "CVE-2019-6324"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-23315"
      },
      {
        "date": "2019-06-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6324"
      },
      {
        "date": "2019-05-31T00:00:00",
        "db": "BID",
        "id": "108828"
      },
      {
        "date": "2019-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-650"
      },
      {
        "date": "2024-11-21T04:46:24.720000",
        "db": "NVD",
        "id": "CVE-2019-6324"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-650"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP Color LaserJet Pro M280-M281 and  MFP M28-M31 Multifunction Printer Series cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005533"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-650"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-6324 (GCVE-0-2019-6324)

BDU:2019-02820

CNVD-2019-23315

FKIE_CVE-2019-6324

GHSA-5PR5-45Q6-7GJG

GSD-2019-6324

VAR-201906-0399

Tags

Sightings

Nomenclature