{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1578", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "state": "PUBLISHED", "assignerShortName": "hp", "dateReserved": "2026-01-28T21:52:11.057Z", "datePublished": "2026-02-13T14:56:42.725Z", "dateUpdated": "2026-02-13T16:14:36.813Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Android"], "product": "HP App", "vendor": "HP Inc", "versions": [{"lessThan": "<26.0.0.6234", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.</span>"}], "value": "HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.1, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2026-02-13T14:56:42.725Z"}, "references": [{"url": "https://support.hp.com/us-en/document/ish_14083522-14083606-16/hpsbgn04082"}], "source": {"discovery": "UNKNOWN"}, "title": "HP App \u2013 Potential Cross-Site Scripting", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T16:11:57.044517Z", "id": "CVE-2026-1578", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T16:14:36.813Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1578", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-13T16:11:57.044517Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T16:12:02.078Z"}}], "cna": {"title": "HP App \u2013 Potential Cross-Site Scripting", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HP Inc", "product": "HP App", "versions": [{"status": "affected", "version": "0", "lessThan": "<26.0.0.6234", "versionType": "custom"}], "platforms": ["Android"], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.hp.com/us-en/document/ish_14083522-14083606-16/hpsbgn04082"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79"}]}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2026-02-13T14:56:42.725Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1578", "state": "PUBLISHED", "dateUpdated": "2026-02-13T16:14:36.813Z", "dateReserved": "2026-01-28T21:52:11.057Z", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "datePublished": "2026-02-13T14:56:42.725Z", "assignerShortName": "hp"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities."}, {"lang": "es", "value": "La aplicaci\u00f3n HP para Android es potencialmente vulnerable a cross-site scripting (XSS) al usar una versi\u00f3n desactualizada de la aplicaci\u00f3n a trav\u00e9s de dispositivos m\u00f3viles. HP est\u00e1 lanzando actualizaciones para mitigar estas vulnerabilidades potenciales."}], "id": "CVE-2026-1578", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "hp-security-alert@hp.com", "type": "Secondary"}]}, "published": "2026-02-13T15:15:57.853", "references": [{"source": "hp-security-alert@hp.com", "url": "https://support.hp.com/us-en/document/ish_14083522-14083606-16/hpsbgn04082"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "hp-security-alert@hp.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["android"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.0.0.6234)"}}], "product": "hp_app", "vendor": "hp_inc"}], "analysis": {"en": {"generated_at": "2026-04-17T19:52:37.442386+00:00", "value": {"mitigation_remediation": ["Install the latest HP App update released by HP from the Google Play Store or official distribution channel.", "If the latest update cannot be installed, uninstall or disable the outdated HP App to prevent exploitation.", "Enforce device security policies that restrict execution of external scripts in web views, such as configuring managed device settings or using a mobile device management solution."], "summary": {"action": "Immediate Patch", "impact": "Cross-Site Scripting"}, "threat_synthesis": {"affected_systems": "The affected product is HP Inc\u2019s HP App for Android. Any installation running an outdated version of the app is susceptible; no specific version numbers are supplied.", "description_and_impact": "HP App for Android is vulnerable to cross-site scripting when an outdated version is used. The flaw allows an attacker to inject and execute malicious scripts within the app\u2019s web views, potentially compromising user session data, injecting counterfeit content, or executing arbitrary actions on the device. This weakness is documented as CWE-79.", "risk_and_exploitability": "The CVSS score of 5.1 indicates moderate severity, while the EPSS score of less than 1% and absence from the KEV catalog suggest a low probability of exploitation in the wild. The vulnerability likely requires the user to interact with malicious content or a compromised web page served within the app, making remote exploitation less straightforward."}}}}, "created": "2026-02-13T21:28:37.103392+00:00", "updated": "2026-04-17T20:00:09.019746+00:00", "vendors": ["hp_inc", "hp_inc$PRODUCT$hp_app"]}