CVE-2026-1578
Cross-Site Scripting in HP Android App Risks Data Exposure
Publication date: 2026-02-13
Last updated on: 2026-02-13
Assigner: HP Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hp | hp_app_for_android | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the HP App for Android being potentially susceptible to cross-site scripting (XSS) attacks when an outdated version of the application is used on mobile devices.
Cross-site scripting (XSS) is a security flaw that allows attackers to inject malicious scripts into otherwise trusted applications, which can then be executed by users.
HP is releasing updates to address and mitigate these potential vulnerabilities.
How can this vulnerability impact me? :
Exploitation of this cross-site scripting vulnerability could allow attackers to execute malicious scripts within the context of the HP App for Android on affected mobile devices.
This could lead to unauthorized actions such as theft of sensitive information, session hijacking, or other malicious activities depending on the app's functionality and data handled.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the HP App for Android to the latest version released by HP, as updates have been provided to address the potential cross-site scripting (XSS) issues.