CVE-2024-2301

HIGH

HP LaserJet Pro Firmware < 2023-03-30 - Cross-Site Scripting via Web Management Interface

Title source: llm
STIX 2.1

Description

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.

References (1)

Core 1

Scores

CVSS v3 7.6
EPSS 0.0074
EPSS Percentile 73.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (14)
hp/cz172a_firmware < 2023-03-30
hp/cz173a_firmware < 2023-03-30
hp/cz174a_firmware < 2023-03-30
hp/cz175a_firmware < 2023-03-30
hp/cz176a_firmware < 2023-03-30
hp/cz177a_firmware < 2023-03-30
hp/cz178a_firmware < 2023-03-30
hp/cz181a_firmware < 2023-03-30
hp/cz182a_firmware < 2023-03-30
hp/cz183a_firmware < 2023-03-30
... and 4 more
Published May 23, 2024
Tracked Since Feb 18, 2026