CVE-2022-48311
Last modified
CVE-2022-48311 is a critical-severity vulnerability rated 9/10 on the CVSS scale. **UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.. EPSS estimates a 1.01% chance of exploitation in the next 30 days.
Description
**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hp | Deskjet 2540 A9u23b Firmware | cep1fn1418br |
References
- https://github.com/swzhouu/CVE-2022-48311Exploit, Third Party Advisory
- https://github.com/swzhouu/CVE-2022-48311Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-48311?
How severe is CVE-2022-48311?
How do I fix CVE-2022-48311?
Are you affected by CVE-2022-48311?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST