Home

Description

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage.

PUBLISHED Reserved 2026-04-08 | Published 2026-07-08 | Updated 2026-07-09 | Assigner hp




MEDIUM: 5.9CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

Product status

Default status
unknown

Any version before 9.5.0
affected

Default status
unknown

Any version before 8.6.0
affected

Default status
unknown

Any version before 9.5.0
affected

References

support.hp.com/...ument/ish_15255534-15255565-16/hpsbpy04108

cve.org (CVE-2026-5922)

nvd.nist.gov (CVE-2026-5922)

Download JSON