CVE & CISA-KEV Catalog

CVE-2019-6332

MEDIUM
4.8
CVSS v3
NVD

Description

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A.

How to fix

Remediation Available
deskjet 2600 4uj28b firmwareNVD
Affected:< 1923Fixed in:1923CVE-2019-6332derived from NVD
deskjet 2600 v1n01a firmwareNVD
Affected:< 1923Fixed in:1923CVE-2019-6332derived from NVD
deskjet 2600 v1n08a firmwareNVD
Affected:< 1923Fixed in:1923CVE-2019-6332derived from NVD
deskjet 2600 y5h60a firmwareNVD
Affected:< 1923Fixed in:1923CVE-2019-6332derived from NVD
deskjet 2600 y5h80a firmwareNVD
Affected:< 1923Fixed in:1923CVE-2019-6332derived from NVD
deskjet ink advantage 2600 v1n02a firmwareNVD
Affected:< 1923Fixed in:1923CVE-2019-6332derived from NVD
deskjet ink advantage 2600 v1n02b firmwareNVD
Affected:< 1923Fixed in:1923CVE-2019-6332derived from NVD
deskjet ink advantage 2600 y5z00a firmwareNVD
Affected:< 1923Fixed in:1923CVE-2019-6332derived from NVD
deskjet ink advantage 5000 m2u86a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
deskjet ink advantage 5000 m2u89b firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
deskjet ink advantage 5200 m2u76a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
deskjet ink advantage 5200 m2u78b firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy 5000 m2u85a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy 5000 m2u85b firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy 5000 m2u91a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy 5000 m2u94b firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy 5000 z4a54a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy 5000 z4a74a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 6200 k7g18a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 6200 k7g26b firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 6200 k7s21b firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 6200 y0k13d firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 6200 y0k15a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7100 3xd89a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7100 k7g93a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7100 k7g99a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7100 z3m37a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7100 z3m52a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7800 k7r96a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7800 k7s00a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7800 k7s10d firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7800 y0g42d firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
envy photo 7800 y0g52b firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
ink tank wireless 410 4dx94a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
ink tank wireless 410 4dx95a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
ink tank wireless 410 4yf79a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
ink tank wireless 410 z4b53a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
ink tank wireless 410 z4b55a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
ink tank wireless 410 z6z95a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
ink tank wireless 410 z6z99a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
ink tank wireless 410 z7a01a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
officejet 5200 m2u75a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
officejet 5200 m2u81a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
officejet 5200 m2u84b firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
officejet 5200 z4b12a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
officejet 5200 z4b14a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
officejet 5200 z4b27a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
officejet 5200 z4b29a firmwareNVD
Affected:< 003.1925aFixed in:003.1925aCVE-2019-6332derived from NVD
smart tank wireless 450 z4b56a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
smart tank wireless 450 z6z96a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD
smart tank wireless 450 z6z98a firmwareNVD
Affected:< 1924Fixed in:1924CVE-2019-6332derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionRequired
ScopeChanged

Impact

ConfidentialityLow
IntegrityLow
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploit Intelligence

0.65%probability of exploitation in 30 days
47thpercentile

Moderate risk: more likely to be exploited than 47% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-79 (Cross-Site Scripting (XSS)) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2020-11022Medium6.999%-Fix
CVE-2019-3929Critical9.899%KEVFix
CVE-2020-9496Medium6.199%--
CVE-2023-28341Medium6.199%-Fix
CVE-2018-12998Medium6.198%--
CVE-2025-4123High7.698%-Fix
Embed a live status badge for CVE-2019-6332
CVE-2019-6332 severity badge

Markdown

[![CVE-2019-6332](https://tridentstack.com/cve/badge/CVE-2019-6332.svg)](https://tridentstack.com/cve/CVE-2019-6332)

HTML

<a href="https://tridentstack.com/cve/CVE-2019-6332"><img src="https://tridentstack.com/cve/badge/CVE-2019-6332.svg" alt="CVE-2019-6332"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.