FKIE_CVE-2019-6324
Vulnerability from fkie_nvd - Published: 2019-06-17 16:15 - Updated: 2026-06-17 02:38
Severity
Summary
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page
References
| URL | Tags | ||
|---|---|---|---|
| hp-security-alert@hp.com | https://support.hp.com/us-en/document/c06356322 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hp.com/us-en/document/c06356322 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | t6b80a_firmware | * | |
| hp | t6b80a | - | |
| hp | t6b83a_firmware | * | |
| hp | t6b83a | - | |
| hp | t6b81a_firmware | * | |
| hp | t6b81a | - | |
| hp | t6b82a_firmware | * | |
| hp | t6b82a | - | |
| hp | w2g54a_firmware | * | |
| hp | w2g54a | - | |
| hp | w2g55a_firmware | * | |
| hp | w2g55a | - | |
| hp | y5s53a_firmware | * | |
| hp | y5s53a | - | |
| hp | y5s55a_firmware | * | |
| hp | y5s55a | - | |
| hp | y5s50a_firmware | * | |
| hp | y5s50a | - | |
| hp | y5s54a_firmware | * | |
| hp | y5s54a | - |
{
"affected": [
{
"affectedData": [
{
"product": "HP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 20190419"
},
{
"status": "affected",
"version": "before 20190426"
}
]
}
],
"source": "hp-security-alert@hp.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:t6b80a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA7A789-DFED-4CA8-ADBD-E9992BC22A89",
"versionEndExcluding": "2019-04-19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:t6b80a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B68B7D89-D81D-441D-9CCC-02CA70D0DC3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:t6b83a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BEF4C86-D8B1-4CEE-A870-C57AB3DD2EEF",
"versionEndExcluding": "2019-04-19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:t6b83a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3661A94-A825-4F35-AC91-1F68C77B9907",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:t6b81a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EFBC629-0E32-4AA7-9E40-7349EA9E194D",
"versionEndExcluding": "2019-04-19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:t6b81a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DB32AD-7388-487B-92F1-19F092A9BC2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:t6b82a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE3C3B8-37E2-4B12-82E5-E8D3046A9A88",
"versionEndExcluding": "2019-04-19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:t6b82a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B358513-72B0-4FED-B063-744B76F9C1B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:w2g54a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3223FEB5-1487-436F-8107-E125A4AD6D56",
"versionEndExcluding": "2019-04-26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:w2g54a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31575D91-4914-41A9-9466-E93020A84241",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:w2g55a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80A9A7E2-9BC4-4E80-A6F0-B05741123642",
"versionEndExcluding": "2019-04-26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:w2g55a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59F4DC8D-ECDA-4575-A106-B68298A0BB5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:y5s53a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D2970D1-A37B-49D9-A8FC-8D43A7B78C63",
"versionEndExcluding": "2019-04-26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:y5s53a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59D2252D-64AB-4D6A-A655-76B6B092A8D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:y5s55a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F151694-8818-413E-BBFA-DC0D4E94F4E9",
"versionEndExcluding": "2019-04-26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:y5s55a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E727276-F0AF-47F6-9D58-393EFD4ED6F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:y5s50a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11184C84-1740-47B0-B412-09E7122710A8",
"versionEndExcluding": "2019-04-26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:y5s50a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB990FE3-281B-4E72-98AC-A045F1F27E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:y5s54a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FBBE624-D748-40C4-AEF7-03A731FC954C",
"versionEndExcluding": "2019-04-26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:y5s54a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEBB0EEA-61D0-4FE6-91EA-7671ABD7776D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page"
},
{
"lang": "es",
"value": "La serie de impresoras multifunci\u00f3n HP Color LaserJet Pro M280-M281 (anterior v. 20190419), la serie de impresoras HP LaserJet Pro MFP M28-M31 (anterior v. 20190426) puede tener un servidor web incorporado potencialmente vulnerable a XSS almacenado en la p\u00e1gina de configuraci\u00f3n inal\u00e1mbrica"
}
],
"id": "CVE-2019-6324",
"lastModified": "2026-06-17T02:38:59.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-17T16:15:12.623",
"references": [
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/c06356322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hp.com/us-en/document/c06356322"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…