CVE-2012-3272

2012-12-0611:45:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-3272

color laserjet

xss

vulnerability

firmware

remote attackers

web script

html

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

82.1%

JSON

Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
hp:laserjet_p4xxxhp laserjet p4xxxle04.170.2
hp:color_laserjet_cm60xxhp color laserjet cm60xxle53.190.8
hp:color_laserjet_cp3525hp color laserjet cp3525le06.140.3.17
hp:color_laserjet_cm3530hp color laserjet cm3530le53.190.8
hp:color_laserjet_cp6015hp color laserjet cp6015le04.160.2
hp:color_laserjet_cp4xxxhp color laserjet cp4xxxle07.120.5
hp:laserjet_p3015hp laserjet p3015le07.140.2

CPE	Name	Operator	Version
hp:laserjet_p4xxx	hp laserjet p4xxx	le	04.170.2
hp:color_laserjet_cm60xx	hp color laserjet cm60xx	le	53.190.8
hp:color_laserjet_cp3525	hp color laserjet cp3525	le	06.140.3.17
hp:color_laserjet_cm3530	hp color laserjet cm3530	le	53.190.8
hp:color_laserjet_cp6015	hp color laserjet cp6015	le	04.160.2
hp:color_laserjet_cp4xxx	hp color laserjet cp4xxx	le	07.120.5
hp:laserjet_p3015	hp laserjet p3015	le	07.140.2