Description
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).
Affected Software
Related
{"id": "CVE-2021-3441", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-3441", "description": "A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).", "published": "2021-10-29T12:15:00", "modified": "2021-11-03T12:50:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5}, "severity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.7, "impactScore": 2.7}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3441", "reporter": "hp-security-alert@hp.com", "references": ["https://support.hp.com/us-en/document/ish_4433829-4433857-16/hpsbpi03742"], "cvelist": ["CVE-2021-3441"], "immutableFields": [], "lastseen": "2022-03-23T18:41:55", "viewCount": 30, "enchantments": {"dependencies": {"references": [{"type": "githubexploit", "idList": ["BE728CA4-A5A9-5BC0-BE7D-09C5D9B55ED2"]}, {"type": "hp", "idList": ["HPSBPI03742"]}], "rev": 4}, "score": {"value": 0.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "githubexploit", "idList": ["BE728CA4-A5A9-5BC0-BE7D-09C5D9B55ED2"]}, {"type": "hp", "idList": ["HPSBPI03742"]}]}, "exploitation": null, "vulnersScore": 0.9}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:hp:officejet_7110_firmware:*"], "cpe23": ["cpe:2.3:o:hp:officejet_7110_firmware:*:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "affectedSoftware": [{"cpeName": "hp:officejet_7110_firmware", "version": "*", "operator": "eq", "name": "hp officejet 7110 firmware"}], "affectedConfiguration": [{"name": "hp officejet 7110", "cpeName": "hp:officejet_7110", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:hp:officejet_7110_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "2117a", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:hp:officejet_7110:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://support.hp.com/us-en/document/ish_4433829-4433857-16/hpsbpi03742", "name": "https://support.hp.com/us-en/document/ish_4433829-4433857-16/hpsbpi03742", "refsource": "MISC", "tags": ["Vendor Advisory"]}]}
{"githubexploit": [{"lastseen": "2021-12-10T15:32:20", "description": "# HP CVE Check \n> A python threat intelligence tool for automat...", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.8, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-01-26T23:23:08", "type": "githubexploit", "title": "Exploit for Cross-site Scripting in Hp Officejet 7110 Firmware", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3441"], "modified": "2021-08-26T02:09:11", "id": "BE728CA4-A5A9-5BC0-BE7D-09C5D9B55ED2", "href": "", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "privateArea": 1}], "hp": [{"lastseen": "2021-09-20T21:05:53", "description": "A potential security vulnerability has been identified for the HP OfficeJet\n7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).\n\n\nUpdate your printer firmware.\n\n", "cvss3": {}, "published": "2021-08-19T00:00:00", "type": "hp", "title": "HP OfficeJet 7110 Wide Format ePrinter \u2013 Cross-Site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-3441"], "modified": "2021-08-21T00:00:00", "id": "HPSBPI03742", "href": "https://support.hp.com/us-en/document/ish_4433829-4433857-16/HPSBPI03742", "cvss": {"score": "5.1", "vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L/"}}]}
CVE-2021-3441
