Description
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_hp
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027841
Scores
EPSS
0.0062
EPSS Percentile
70.3%
Details
CWE
CWE-79
Status
published
Products (7)
hp/color_laserjet_cm3530
< 53.190.8
hp/color_laserjet_cm60xx
< 53.190.8
hp/color_laserjet_cp3525
< 06.140.3.17
hp/color_laserjet_cp4xxx
< 07.120.5
hp/color_laserjet_cp6015
< 04.160.2
hp/laserjet_p3015
< 07.140.2
hp/laserjet_p4xxx
< 04.170.2
Published
Dec 06, 2012
Tracked Since
Feb 18, 2026