CVE-2022-48311

**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/swzhouu/CVE-2022-48311	Exploit Third Party Advisory
https://github.com/swzhouu/CVE-2022-48311	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:deskjet_2540_a9u23b_firmware:cep1fn1418br:*:*:*:*:*:*:*

cpe:2.3:h:hp:deskjet_2540_a9u23b:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:33

Type	Values Removed	Values Added
Summary		(es) NO COMPATIBLE CUANDO SE ASIGNÓ Cross Site Scripting (XSS) en la impresora HP Deskjet serie 2540, versión de firmware CEP1FN1418BR y número de modelo de producto A9U23B, permite a un atacante autenticado inyectar su propio script en la página a través de la página de configuración HTTP. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante.
References	~~() https://github.com/swzhouu/CVE-2022-48311 - Exploit, Third Party Advisory~~	() https://github.com/swzhouu/CVE-2022-48311 - Exploit, Third Party Advisory

Information

Published : 2023-02-06 21:15

Updated : 2025-03-26 14:15

NVD link : CVE-2022-48311

Mitre link : CVE-2022-48311

CVE.ORG link : CVE-2022-48311

JSON object : View

Products Affected

hp

deskjet_2540_a9u23b
deskjet_2540_a9u23b_firmware

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-48311", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2023-02-06T21:15:09.587", "references": [{"url": "https://github.com/swzhouu/CVE-2022-48311", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/swzhouu/CVE-2022-48311", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "**NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Cross Site Scripting (XSS) en la impresora HP Deskjet serie 2540, versi\u00f3n de firmware CEP1FN1418BR y n\u00famero de modelo de producto A9U23B, permite a un atacante autenticado inyectar su propio script en la p\u00e1gina a trav\u00e9s de la p\u00e1gina de configuraci\u00f3n HTTP. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "lastModified": "2025-03-26T14:15:25.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:deskjet_2540_a9u23b_firmware:cep1fn1418br:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF461DB8-B585-41D6-B273-B3AAE0F8DEC1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:deskjet_2540_a9u23b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D6D08523-DEFD-4A49-82AC-E381C09785ED"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}