CVE-2019-6324

Name of the Vulnerable Software and Affected Versions HP Color LaserJet Pro M280-M281 Multifunction Printer series versions before 20190419 HP LaserJet Pro MFP M28-M31 Printer series versions before 20190426

Description The issue is related to an embedded web server in the printers, which may be vulnerable to stored XSS in the wireless configuration page. This vulnerability exists due to inadequate protection of the web page structure. Exploitation of this issue could allow a remote attacker to impact the confidentiality and integrity of protected information.

Recommendations For HP Color LaserJet Pro M280-M281 Multifunction Printer series versions before 20190419, update to a version 20190419 or later. For HP LaserJet Pro MFP M28-M31 Printer series versions before 20190426, update to a version 20190426 or later.