CVE-2019-6324: XSS
First published: Mon Jun 17 2019(Updated: )
HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP T6B80A | <2019-04-19 | |
| HP T6B80A Firmware | ||
| HP T6b83a Firmware | <2019-04-19 | |
| HP T6b83a Firmware | ||
| HP T6B81A | <2019-04-19 | |
| HP T6B81A Firmware | ||
| HP T6B82A | <2019-04-19 | |
| HP T6B82A Firmware | ||
| HP W2G54A | <2019-04-26 | |
| HP LaserJet Pro M14 | ||
| HP W2G55A Firmware | <2019-04-26 | |
| HP LaserJet Pro MFP M29 | ||
| HP Y5s53a | <2019-04-26 | |
| HP Y5s53a Firmware | ||
| HP Y5s55a | <2019-04-26 | |
| HP Y5s55a Firmware | ||
| HP Y5s50a Firmware | <2019-04-26 | |
| Hp Y5s50a Firmware | ||
| HP Y5s54a Firmware | <2019-04-26 | |
| HP Y5s54a Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-6324?
CVE-2019-6324 has a medium severity rating due to its potential for stored XSS attacks in affected HP printer models.
How do I fix CVE-2019-6324?
To fix CVE-2019-6324, users should update their HP Color LaserJet Pro M280-M281 and HP LaserJet Pro MFP M28-M31 printer firmware to versions 20190419 or later.
Which HP printer models are affected by CVE-2019-6324?
CVE-2019-6324 affects the HP Color LaserJet Pro M280-M281 and HP LaserJet Pro MFP M28-M31 printer series with firmware prior to the specified update versions.
What type of vulnerability is CVE-2019-6324?
CVE-2019-6324 is a stored cross-site scripting (XSS) vulnerability that can be exploited through the printer's embedded web server.
How can I determine if my printer is vulnerable to CVE-2019-6324?
You can determine vulnerability to CVE-2019-6324 by checking if your HP printer model is running firmware version prior to 20190419 or 20190426.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp t6b80a
- canonical/hp t6b80a firmware
- canonical/hp t6b83a firmware
- canonical/hp t6b81a
- canonical/hp t6b81a firmware
- canonical/hp t6b82a
- canonical/hp t6b82a firmware
- canonical/hp w2g54a
- canonical/hp laserjet pro m14
- canonical/hp w2g55a firmware
- canonical/hp laserjet pro mfp m29
- canonical/hp y5s53a
- canonical/hp y5s53a firmware
- canonical/hp y5s55a
- canonical/hp y5s55a firmware
- canonical/hp y5s50a firmware
- canonical/hp y5s54a firmware