7.6

CVE-2024-2301

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpCz181a Firmware Version < 2023-03-30
   HpCz181a Version-
HpCz182a Firmware Version < 2023-03-30
   HpCz182a Version-
HpCz187a Firmware Version < 2023-03-30
   HpCz187a Version-
HpCz183a Firmware Version < 2023-03-30
   HpCz183a Version-
HpCz172a Firmware Version < 2023-03-30
   HpCz172a Version-
HpCz173a Firmware Version < 2023-03-30
   HpCz173a Version-
HpCz176a Firmware Version < 2023-03-30
   HpCz176a Version-
HpCz177a Firmware Version < 2023-03-30
   HpCz177a Version-
HpCz178a Firmware Version < 2023-03-30
   HpCz178a Version-
HpCz174a Firmware Version < 2023-03-30
   HpCz174a Version-
HpCz175a Firmware Version < 2023-03-30
   HpCz175a Version-
HpCz184a Firmware Version < 2023-03-30
   HpCz184a Version-
HpCz185a Firmware Version < 2023-03-30
   HpCz185a Version-
HpCz186a Firmware Version < 2023-03-30
   HpCz186a Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.74% 0.725
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.6 2.3 4.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.