CVE-2012-3272

Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108	Vendor Advisory
http://www.securitytracker.com/id?1027841

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:hp:color_laserjet_cp4xxx::::::::
	cpe:2.3:h:hp:color_laserjet_cp6015::::::::
	cpe:2.3:h:hp:color_laserjet_cm60xx::::::::
	cpe:2.3:h:hp:color_laserjet_cp3525::::::::
	cpe:2.3:h:hp:color_laserjet_cm3530::::::::
	cpe:2.3:h:hp:laserjet_p3015::::::::
	cpe:2.3:h:hp:laserjet_p4xxx::::::::

Information

Published : 2012-12-06 03:45

Updated : 2013-01-07 21:03

NVD link : CVE-2012-3272

Mitre link : CVE-2012-3272

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

hp

color_laserjet_cp6015
color_laserjet_cp3525
color_laserjet_cm3530
color_laserjet_cp4xxx
color_laserjet_cm60xx
laserjet_p3015
laserjet_p4xxx

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108", "name": "SSRT100778", "tags": ["Vendor Advisory"], "refsource": "HP"}, {"url": "http://www.securitytracker.com/id?1027841", "name": "1027841", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-3272", "ASSIGNER": "hp-security-alert@hp.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2012-12-06T11:45Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp4xxx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "07.120.5"}, {"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "04.160.2"}, {"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cm60xx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "53.190.8"}, {"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cp3525:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "06.140.3.17"}, {"cpe23Uri": "cpe:2.3:h:hp:color_laserjet_cm3530:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "53.190.8"}, {"cpe23Uri": "cpe:2.3:h:hp:laserjet_p3015:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "07.140.2"}, {"cpe23Uri": "cpe:2.3:h:hp:laserjet_p4xxx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "04.170.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-01-08T05:03Z"}