CVE-2022-48311

CRITICAL

HP Deskjet 2540 A9u23b Firmware - XSS

Description

**UNSUPPORTED WHEN ASSIGNED** Cross-site scripting (XSS) in HP Deskjet 2540 series printer firmware version CEP1FN1418BR and product model number A9U23B allows an authenticated attacker to inject their own script into the page via the HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Exploits (1)

nomisec WRITEUP 1 stars
by swzhouu · poc
https://github.com/swzhouu/CVE-2022-48311

Scores

CVSS v3: 9.0
EPSS: 0.0080
EPSS Percentile: 74.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-79
Status: published
Products (1): hp/deskjet_2540_a9u23b_firmware cep1fn1418br
Published: Feb 06, 2023
Tracked Since: Feb 18, 2026