4.8

CVE-2019-6324

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpT6b80a Firmware Version < 2019-04-19
   HpT6b80a Version-
HpT6b83a Firmware Version < 2019-04-19
   HpT6b83a Version-
HpT6b81a Firmware Version < 2019-04-19
   HpT6b81a Version-
HpT6b82a Firmware Version < 2019-04-19
   HpT6b82a Version-
HpW2g54a Firmware Version < 2019-04-26
   HpW2g54a Version-
HpW2g55a Firmware Version < 2019-04-26
   HpW2g55a Version-
HpY5s53a Firmware Version < 2019-04-26
   HpY5s53a Version-
HpY5s55a Firmware Version < 2019-04-26
   HpY5s55a Version-
HpY5s50a Firmware Version < 2019-04-26
   HpY5s50a Version-
HpY5s54a Firmware Version < 2019-04-26
   HpY5s54a Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.547
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.8 1.7 2.7
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.