HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B HTTP configuration page Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page.
Remediation uses appropriate response headers. To prevent XSS in HTTP responses that are not intended to contain any HTML or JavaScript. Using the Content-Type and X-Content-Type-Options headers ensures that browsers interpret the responses in the way intended.
Cross Site Scripting (XSS)
HP
HP Deskjet Ink Advantage 2540 All-in-One Printer series - Firmware Version CEP1FN1418BR and Product Model Number A9U23B
HP Deskjet 2540 series printer HTTP configuration page.
Local
true
true
Disclosure of the user's session cookie, allowing an attacker to hijack the user's session and take over the account.
To exploit the vulnerability, the attacker must be authenticated.
Jiraput Thamsongkrah