Home
MEDIUM: 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:NDefault status
unknown
Any version before 9.5.0
affected
Default status
unknown
Any version before 8.6.0
affected
Default status
unknown
Any version before 9.5.0
affected
Description
The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage.
Problem types
CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')
Product status
Any version before 9.5.0
Any version before 8.6.0
Any version before 9.5.0
References
support.hp.com/...ument/ish_15255534-15255565-16/hpsbpy04108