Skip to main content

🎉    We recently published 3 CVE's

foo

CVE-2021-35956
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.

foo

CVE-2021-3441
Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.

Obsrva Research Team

...
Tyler Butler | Founder & Lead Researcher

Tyler gained his undergraduate degree in Security and Risk Analysis from The Pennsylvania State University and started his cyber security career at Deloitte where he served clients as a penetration tester and red team operator. Tyler currently holds the eWPT and eJPT certifications, is credited with several CVE's including CVE-2021-35956 and CVE-2021-3441, and was nominated to the Motorola Solutions Bug Bounty Hall of Fame.

Recent Publications

CVE-2021-38701 - Avigilon Stored Cross Site Scripting
Oct 23, 21

Stored cross-site scripting (XSS) in 13 different Avigilon products enables r...
MonkeyType.com Vulnerability Disclosure
Aug 22, 21

In May, independent security researcher Tyler Butler disclosed a series of vu...
HP Officejet - ‘AirPrint’ Cross Site Scripting (XSS)
Aug 22, 21

Stored cross-site scripting (XSS) in the embedded webserver of certain HP Off...
CVE-2021-3441 Proof of Concept Exploit
Aug 22, 21

Proof of concept exploit for CVE-2021-3441- HP OfficeJet 4630 Unauthenticated...
AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)
Aug 22, 21

Proof of concept exploit for AKCP sensorProbe SPX476 - 'Multiple' Cross-Site ...

Connect on Twitter