All the vulnerabilites related to hp - laserjet_p3015
cve-2011-4785
Vulnerability from cvelistv5
Published
2012-01-10 11:00
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/521160 | vendor-advisory, x_refsource_HP | |
| http://osvdb.org/78224 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/47457 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/521160 | vendor-advisory, x_refsource_HP | |
| http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/archive/1/521165 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72227 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/51329 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:34.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBPI02733",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"name": "78224",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78224"
},
{
"name": "47457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47457"
},
{
"name": "SSRT100646",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"
},
{
"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/521165"
},
{
"name": "hp-laserjet-unspecified-unauth-access(72227)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"
},
{
"name": "51329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "HPSBPI02733",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"name": "78224",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78224"
},
{
"name": "47457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47457"
},
{
"name": "SSRT100646",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"
},
{
"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/521165"
},
{
"name": "hp-laserjet-unspecified-unauth-access(72227)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"
},
{
"name": "51329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-4785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI02733",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"name": "78224",
"refsource": "OSVDB",
"url": "http://osvdb.org/78224"
},
{
"name": "47457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47457"
},
{
"name": "SSRT100646",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"
},
{
"name": "20120109 DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/521165"
},
{
"name": "hp-laserjet-unspecified-unauth-access(72227)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"
},
{
"name": "51329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2011-4785",
"datePublished": "2012-01-10T11:00:00",
"dateReserved": "2011-12-13T00:00:00",
"dateUpdated": "2024-08-07T00:16:34.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3272
Vulnerability from cvelistv5
Published
2012-12-06 11:00
Modified
2024-08-06 19:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108 | vendor-advisory, x_refsource_HP | |
| https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108 | vendor-advisory, x_refsource_HP | |
| http://www.securitytracker.com/id?1027841 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT100778",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "HPSBPI02828",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "1027841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-08T10:00:00",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"name": "SSRT100778",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "HPSBPI02828",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "1027841",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027841"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-3272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100778",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "HPSBPI02828",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"name": "1027841",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027841"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2012-3272",
"datePublished": "2012-12-06T11:00:00",
"dateReserved": "2012-06-06T00:00:00",
"dateUpdated": "2024-08-06T19:57:50.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-01-10 11:55
Modified
2024-11-21 01:32
Severity ?
Summary
Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | hp-chaisoe | 1.0 | |
| hp | laserjet_2430 | 08.113.0_i35128 | |
| hp | laserjet_4650 | 07.006.0 | |
| hp | laserjet_p3015 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:hp-chaisoe:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1657B3C6-C1E7-4906-B7FC-24C9AC6B231F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:laserjet_2430:08.113.0_i35128:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D49304-8C2D-4B6C-9CDE-3D39B98C3D82",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:laserjet_4650:07.006.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C175E65-7294-49C2-8F92-3ABE22488FAA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F451457E-1653-4CB6-B9C2-60F96D8F63EA",
"versionEndIncluding": "07.080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor web HP-ChaiSOE/1.0 en la impresora HP LaserJet P3015 con firmware anterior a v07.080.3, impresora LaserJet 4650 con firmware v07.006.0, e impresora LaserJet 2430 con firmware v08.113.0_I35128 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-4419."
}
],
"id": "CVE-2011-4785",
"lastModified": "2024-11-21T01:32:59.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-10T11:55:05.057",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://osvdb.org/78224"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://secunia.com/advisories/47457"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/archive/1/521165"
},
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securityfocus.com/bid/51329"
},
{
"source": "hp-security-alert@hp.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0116.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/521160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/521165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72227"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-06 11:45
Modified
2024-11-21 01:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hp | color_laserjet_cm3530 | * | |
| hp | color_laserjet_cm60xx | * | |
| hp | color_laserjet_cp3525 | * | |
| hp | color_laserjet_cp4xxx | * | |
| hp | color_laserjet_cp6015 | * | |
| hp | laserjet_p3015 | * | |
| hp | laserjet_p4xxx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE16FF9-34FC-4173-9057-F894FB86EA71",
"versionEndIncluding": "53.190.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cm60xx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577BF556-A637-40FF-82DF-319F973A377B",
"versionEndIncluding": "53.190.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC659F01-95E7-450B-88A2-5EF81F52ADF0",
"versionEndIncluding": "06.140.3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp4xxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C4401E7-5A4B-4ECB-88E7-858B7EF3DA26",
"versionEndIncluding": "07.120.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6BA04F-C4A1-45D1-AC10-42B6B1DFAFAF",
"versionEndIncluding": "04.160.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p3015:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F908F88A-7579-4144-89A2-5361A4EB06D1",
"versionEndIncluding": "07.140.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hp:laserjet_p4xxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEED1BE2-9E33-45BF-A095-14195711FB10",
"versionEndIncluding": "04.170.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Color LaserJet CM3530 con firmware anterior a v53.190.9, Color LaserJet CM60xx con firmware anterior a v52.210.9, Color LaserJet CP3525 con firmware anterior a v06.140.3 18, Color LaserJet CP4xxx con firmware anterior a v07.120.6, Color LaserJet CP6015 con firmware anterior a v04.160.3, LaserJet P3015 con firmware anterior a v07.140.3, y LaserJet P4xxx con firmware anterior a v04.170.3 permite a atacantes remotos ejecutar secuencias de comandos o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-3272",
"lastModified": "2024-11-21T01:40:33.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-06T11:45:47.060",
"references": [
{
"source": "hp-security-alert@hp.com",
"url": "http://www.securitytracker.com/id?1027841"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108"
}
],
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}