Skip to main content

🎉    We recently published 2 CVE's

foo

CVE-2021-35956
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.

foo

CVE-2021-3441
Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.

Obsrva Vulnerability Advisories

Obsrva coordinates with product vendors to publish vulnerability advisories on obsrva.org/advisories. Advisories allow customers, blue and red team operators, and the broader research community to access technical details and research methodology.

All Advisories


Overview: Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.

Credit: Tyler Butler

Disclosure Date: 2021-08-22

Advisory Link: CVE-2021-3441


Overview: Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.

Credit: Tyler Butler

Disclosure Date: 2021-06-06

Advisory Link: CVE-2021-35956

Connect on Twitter