Cross-site scripting (XSS)
Source: HP, HP Product Security Response Team (PSRT)
Reported by: Barış Sağdıç (BS Cyber Security Inc.)
A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS).
Update the firmware for impacted printers as indicated in the table below.
Go to Software and Drivers Downloads, and then navigate to the product page for your printer.
Click Firmware in the list, and then click Download next to the update.
Printer name
|
Model number
|
Firmware revision
—|—|—
HP DeskJet 2600 All-in-One Printer series
|
4UJ28B
V1N01A - V1N08A
Y5H60A - Y5H80A
|
1923 (or later)
HP DeskJet Ink Advantage 2600 All-in-One Printer series
|
V1N02A - V1N02B
Y5Z00A - Y5Z04B
|
1923 (or later)
HP DeskJet Ink Advantage 5000 All-in-One Printer series
|
M2U86A - M2U89B
|
003.1925A (or later)
HP DeskJet Ink Advantage 5200 All-in-One Printer series
|
M2U76A - M2U78B
|
003.1925A (or later)
HP ENVY 5000 All-in-One Printer series
|
M2U85A - M2U85B
M2U91A - M2U94B
Z4A54A - Z4A74A
|
003.1925A (or later)
HP ENVY Photo 6200 All-in-One Printer series
|
K7G18A-K7G26B
K7S21B
Y0K13D - Y0K15A
|
003.1925A (or later)
HP ENVY Photo 7100 All-in-One Printer series
|
3XD89A
K7G93A-K7G99A
Z3M37A - Z3M52A
|
003.1925A (or later)
HP ENVY Photo 7800 All-in-One Printer series
|
K7R96A
K7S00A - K7S10D
Y0G42D - Y0G52B
|
003.1925A (or later)
HP Ink Tank Wireless 410 series
|
Z4B53A - Z4B55A
Z6Z95A - Z6Z99A
4DX94A - 4DX95A
4YF79A
Z7A01A
|
1924 (or later)
HP OfficeJet 5200 All-in-One Printer series
|
M2U75A
M2U81A-M2U84B
Z4B12A - Z4B14A
Z4B27A - Z4B29A
|
003.1925A (or later)
HP Smart Tank Wireless 450 series
|
Z4B56A
Z6Z96A - Z6Z98A
|
1924 (or later)