CVSS: 6.4EPSS: 0%CPEs: 1133EXPL: 0CVE-2023-5113 – Certain HP Enterprise LaserJet, LaserJet Managed printers - Potential denial of service, potential Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-5113
04 Oct 2023 — Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. Certain HP Enterprise LaserJet and HP LaserJet Managed Printers son potencialmente vulnerables a la denegación de servicio debido a la solicitud de WS-Print y posibles inyecciones de Cross Site Scripting (XSS) a través de jQuery-UI. • https://support.hp.com/us-en/document/ish_9365285-9365309-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 318EXPL: 0CVE-2023-1707
https://notcve.org/view.php?id=CVE-2023-1707
13 Jun 2023 — Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. • https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838 • CWE-203: Observable Discrepancy •
CVSS: 8.8EPSS: 0%CPEs: 164EXPL: 1CVE-2009-0940
https://notcve.org/view.php?id=CVE-2009-0940
18 Mar 2009 — Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 164EXPL: 0CVE-2009-0941
https://notcve.org/view.php?id=CVE-2009-0941
18 Mar 2009 — The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. El HP Embedded Web Server (EWS) en HP LaserJet Printers, Edgeline Printers, y Digital Senders no tiene contraseña de administración por defecto, lo que facilita a atacantes remotos el obtener acceso. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 • CWE-264: Permissions, Privileges, and Access Controls •