HPSBPI03624 rev.1 - HP InkJet Printers - Cross-site Scripting (XSS)

Potential Security Impact

Cross-site scripting (XSS)

Source: HP, HP Product Security Response Team (PSRT)

Reported by: Barış Sağdıç (BS Cyber Security Inc.)

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS).

RESOLUTION

Update the firmware for impacted printers as indicated in the table below.

1. Go to Software and Drivers Downloads, and then navigate to the product page for your printer.

2. Click Firmware in the list, and then click Download next to the update.

Printer name

|

Model number

|

Firmware revision

—|—|—

HP DeskJet 2600 All-in-One Printer series

|

4UJ28B

V1N01A - V1N08A

Y5H60A - Y5H80A

|

1923 (or later)

HP DeskJet Ink Advantage 2600 All-in-One Printer series

|

V1N02A - V1N02B

Y5Z00A - Y5Z04B

|

1923 (or later)

HP DeskJet Ink Advantage 5000 All-in-One Printer series

|

M2U86A - M2U89B

|

003.1925A (or later)

HP DeskJet Ink Advantage 5200 All-in-One Printer series

|

M2U76A - M2U78B

|

003.1925A (or later)

HP ENVY 5000 All-in-One Printer series

|

M2U85A - M2U85B

M2U91A - M2U94B

Z4A54A - Z4A74A

|

003.1925A (or later)

HP ENVY Photo 6200 All-in-One Printer series

|

K7G18A-K7G26B

K7S21B

Y0K13D - Y0K15A

|

003.1925A (or later)

HP ENVY Photo 7100 All-in-One Printer series

|

3XD89A

K7G93A-K7G99A

Z3M37A - Z3M52A

|

003.1925A (or later)

HP ENVY Photo 7800 All-in-One Printer series

|

K7R96A

K7S00A - K7S10D

Y0G42D - Y0G52B

|

003.1925A (or later)

HP Ink Tank Wireless 410 series

|

Z4B53A - Z4B55A

Z6Z95A - Z6Z99A

4DX94A - 4DX95A

4YF79A

Z7A01A

|

1924 (or later)

HP OfficeJet 5200 All-in-One Printer series

|

M2U75A

M2U81A-M2U84B

Z4B12A - Z4B14A

Z4B27A - Z4B29A

|

003.1925A (or later)

HP Smart Tank Wireless 450 series

|

Z4B56A

Z6Z96A - Z6Z98A

|

1924 (or later)