多款HP Inkjet printers打印机跨站脚本漏洞

CNNVD-ID编号	CNNVD-202001-320	CVE编号	CVE-2019-6332
发布时间	2020-01-09	更新时间	2021-01-05
漏洞类型	跨站脚本	漏洞来源	N/A
危险等级	中危	威胁类型	远程
厂商	N/A

漏洞介绍

HP Inkjet printers是美国惠普（HP）公司的一款Inkjet系列打印机。

多款HP Inkjet printers打印机中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。以下产品及版本受到影响：HP DeskJet 2600 All-in-One Printer 4UJ28B；DeskJet 2600 All-in-One Printer V1N01A至V1N08A；DeskJet 2600 All-in-One Printer Y5H60A至Y5H80A；HP DeskJet Ink Advantage 2600 All-in-One Printer V1N02A至V1N02B；DeskJet Ink Advantage 2600 All-in-One Printer Y5Z00A至Y5Z04B；HP DeskJet Ink Advantage 5000 All-in-One Printer M2U86A至M2U89B；HP DeskJet Ink Advantage 5200 All-in-One Printer M2U76A至M2U78B；HP ENVY 5000 All-in-One Printer M2U85A至M2U85B；ENVY 5000 All-in-One Printer M2U91A至M2U94B；ENVY 5000 All-in-One Printer Z4A54A至Z4A74A；HP ENVY Photo 6200 All-in-One Printer K7G18A至K7G26B；ENVY Photo 6200 All-in-One Printer K7S21B；ENVY Photo 6200 All-in-One Printer Y0K13D至Y0K15A；HP ENVY Photo 7100 All-in-One Printer 3XD89A；ENVY Photo 7100 All-in-One Printer K7G93A至K7G99A；ENVY Photo 7100 All-in-One Printer Z3M37A至Z3M52A；HP ENVY Photo 7800 All-in-One Printer K7R96A；ENVY Photo 7800 All-in-One Printer K7S00A至K7S10D；ENVY Photo 7800 All-in-One Printer Y0G42D至Y0G52B；HP Ink Tank Wireless 410 Z4B53A至Z4B55A；Ink Tank Wireless 410 Z6Z95A至Z6Z99A；Ink Tank Wireless 410 4DX94A至4DX95A；Ink Tank Wireless 410 4YF79A；Ink Tank Wireless 410 Z7A01A；HP OfficeJet 5200 All-in-One Printer M2U75A；OfficeJet 5200 All-in-One Printer M2U81A至M2U84B；OfficeJet 5200 All-in-One Printer Z4B12A至Z4B14A；OfficeJet 5200 All-in-One Printer Z4B27A至Z4B29A；HP Smart Tank Wireless 450 Z4B56A；Smart Tank Wireless 450 Z6Z96A至Z6Z98A。