CVE-2022-48311

{"id": "CVE-2022-48311", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2023-02-06T21:15:09.587", "references": [{"url": "https://github.com/swzhouu/CVE-2022-48311", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/swzhouu/CVE-2022-48311", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "**NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Cross Site Scripting (XSS) en la impresora HP Deskjet serie 2540, versi\u00f3n de firmware CEP1FN1418BR y n\u00famero de modelo de producto A9U23B, permite a un atacante autenticado inyectar su propio script en la p\u00e1gina a trav\u00e9s de la p\u00e1gina de configuraci\u00f3n HTTP. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."}], "lastModified": "2025-03-26T14:15:25.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:deskjet_2540_a9u23b_firmware:cep1fn1418br:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF461DB8-B585-41D6-B273-B3AAE0F8DEC1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:deskjet_2540_a9u23b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D6D08523-DEFD-4A49-82AC-E381C09785ED"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}