CVE-2024-2301 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-2301

Analyzed

More Info Official Page

Source-hp-security-alert@hp.com

Published At-23 May, 2024 | 17:15

Updated At-26 Jan, 2026 | 14:02

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 7.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

CPE Matches

>>cz181a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz181a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz181a:-:*:*:*:*:*:*:*

>>cz182a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz182a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz182a:-:*:*:*:*:*:*:*

>>cz187a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz187a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz187a:-:*:*:*:*:*:*:*

>>cz183a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz183a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz183a:-:*:*:*:*:*:*:*

>>cz172a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz172a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz172a:-:*:*:*:*:*:*:*

>>cz173a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz173a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz173a:-:*:*:*:*:*:*:*

>>cz176a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz176a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz176a:-:*:*:*:*:*:*:*

>>cz177a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz177a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz177a:-:*:*:*:*:*:*:*

>>cz178a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz178a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz178a:-:*:*:*:*:*:*:*

>>cz174a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz174a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz174a:-:*:*:*:*:*:*:*

>>cz175a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz175a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz175a:-:*:*:*:*:*:*:*

>>cz184a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz184a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz184a:-:*:*:*:*:*:*:*

>>cz185a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz185a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz185a:-:*:*:*:*:*:*:*

>>cz186a_firmware>>Versions before 2023-03-30(exclusive)

cpe:2.3:o:hp:cz186a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:cz186a:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-79

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940	hp-security-alert@hp.com	Vendor Advisory
https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940

Source: hp-security-alert@hp.com

Resource:

Vendor Advisory

Hyperlink: https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory