CVE-2009-2684

Published: 13/10/2009 Updated: 10/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote malicious users to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

Vendor Advisories

Potential security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS) ...

Exploits

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-048 dsecrg.ru/pages/vul/show.php?id=148 Application: HP LaserJet printer web interface Vulnerable: HP LaserJet 2200, 4350, 4600, 5500, and many others Vendor URL: www.hp.com/ Bug: Multiple Stored XSS Vulnerabilities Exploits: YES Reported: 07.04.2009 Vendor response: 08.04 ...

Mailing Lists

Multiple security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS) ...