C
ertain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.
References
| Link | Resource |
|---|---|
| https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940 | Vendor Advisory |
| https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
History
26 Jan 2026, 14:02
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:hp:cz174a:-:*:*:*:*:*:*:* cpe:2.3:o:hp:cz177a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hp:cz173a:-:*:*:*:*:*:*:* cpe:2.3:o:hp:cz185a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hp:cz183a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hp:cz187a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:cz185a:-:*:*:*:*:*:*:* cpe:2.3:o:hp:cz176a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hp:cz186a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hp:cz182a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:cz181a:-:*:*:*:*:*:*:* cpe:2.3:o:hp:cz175a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hp:cz172a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hp:cz173a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hp:cz176a:-:*:*:*:*:*:*:* cpe:2.3:o:hp:cz184a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hp:cz172a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:cz178a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:cz184a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:cz177a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:cz183a:-:*:*:*:*:*:*:* cpe:2.3:o:hp:cz181a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hp:cz186a:-:*:*:*:*:*:*:* cpe:2.3:o:hp:cz174a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hp:cz178a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hp:cz187a_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hp:cz182a_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hp:cz175a:-:*:*:*:*:*:*:* |
|
| First Time |
Hp cz177a
Hp cz173a Hp cz183a Firmware Hp cz185a Hp cz178a Hp cz183a Hp cz187a Hp cz175a Firmware Hp cz184a Hp cz182a Hp cz174a Firmware Hp cz176a Firmware Hp cz172a Firmware Hp cz184a Firmware Hp cz178a Firmware Hp cz174a Hp cz182a Firmware Hp cz173a Firmware Hp cz177a Firmware Hp cz176a Hp cz181a Hp cz172a Hp cz181a Firmware Hp cz186a Firmware Hp cz186a Hp cz187a Firmware Hp cz175a Hp cz185a Firmware Hp |
|
| References | () https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940 - Vendor Advisory |
14 Mar 2025, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.6 |
21 Nov 2024, 09:09
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| References | () https://support.hp.com/us-en/document/ish_10617756-10617781-16/hpsbpi03940 - |
23 May 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-23 17:15
Updated : 2026-01-26 14:02
NVD link : CVE-2024-2301
Mitre link : CVE-2024-2301
CVE.ORG link : CVE-2024-2301
JSON object : View
Products Affected
- cz185a_firmware
- cz175a_firmware
- cz186a
- cz174a_firmware
- cz184a_firmware
- cz173a
- cz172a_firmware
- cz177a
- cz184a
- cz176a_firmware
- cz172a
- cz177a_firmware
- cz175a
- cz178a_firmware
- cz186a_firmware
- cz174a
- cz181a_firmware
- cz187a
- cz176a
- cz182a
- cz182a_firmware
- cz183a_firmware
- cz178a
- cz181a
- cz173a_firmware
- cz185a
- cz183a
- cz187a_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')