Detections
Analytics

HP OfficeJet Pro 8500 XSS

medium Nessus Plugin ID 74269

Language:

Synopsis

The remote HP OfficeJet printer is affected by a cross-site scripting vulnerability.

Description

According to its self-reported build information, the firmware running on the remote HP OfficeJet printer is affected by a cross-site scripting vulnerability that could allow an attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.

Solution

HP has released firmware updates for the affected products.

See Also

http://www.nessus.org/u?217250bf

Plugin Details

Severity: Medium

ID: 74269

File Name: hp_officejet_pro_8500_xss.nasl

Version: 1.9

Type: remote

Family: Web Servers

Published: 6/2/2014

Updated: 7/13/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:hp:officejet, cpe:/h:hp:officejet_pro_8500

Required KB Items: hp/officejet/detected

Exploit Ease: No known exploits are available

Patch Publication Date: 12/10/2013

Vulnerability Publication Date: 12/10/2013

Reference Information

CVE: CVE-2013-4845

BID: 64222

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990