CVE-2021-35956
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.

CVE-2021-3441
Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.

AKCP sensorProbe 'Multiple' Cross-Site Scripting (XSS)

In June 2021, Tyler Butler discovered multiple Cross-Site Scripting (XSS) vulnerabilities in the AKCP sensorProbe SPX476. The PoC developed was submitted to the exploit-db database in entry 50080.

Connect on Twitter

Tweets by Obsrva_