Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2009-2684

Published: 13/10/2009 Updated: 10/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Hp

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote malicious users to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

Vulnerable Product Search on Vulmon Subscribe to Product

hp laserjet 2410

hp laserjet 2420

hp color laserjet cm4730 mfp

hp laserjet 9040 mfp

hp laserjet m9050 mpf

hp laserjet m3035 mfp

hp laserjet 4240

hp laserjet p4515

hp laserjet 2430n

hp laserjet 4250n

hp laserjet 9050 mfp

hp laserjet 4345 mfp

hp laserjet m3027 mfp

hp cm8050 mfp

hp laserjet p4014

hp color laserjet 3000n

hp color laserjet 3800n

hp laserjet 4350n

hp laserjet 5200n

hp laserjet m4345x mfp

hp laserjet m5025 mfp

hp cm8060 mfp

hp laserjet 9040n

hp color laserjet cp3505

hp color laserjet 3600n

hp color laserjet cp4005n

hp color laserjet 4700n

hp laserjet 9050n

hp color laserjet 4730 mfp

hp color laserjet cp6015

hp color laserjet 6040 mfp

hp laserjet m9040 mpf

hp ds 9200c

hp ds 9250c

hp laserjet p3005n

Vendor Advisories

HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI02463 SSRT090061 rev.2 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS)
Potential security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS) ...

Exploits

Exploit DB: HP LaserJet Cross Site Scripting
Multiple security vulnerabilities have been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders The vulnerabilities could be exploited remotely by Cross Site Scripting (XSS) ...
Exploit DB: HP Multiple LaserJet Printer - Cross-Site Scripting
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-048 dsecrgru/pages/vul/showphp?id=148 Application: HP LaserJet printer web interface Vulnerable: HP LaserJet 2200, 4350, 4600, 5500, and many others Vendor URL: wwwhpcom/ Bug: Multiple Stored X ...
Exploit DB: HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-048 dsecrgru/pages/vul/showphp?id=148 Application: HP LaserJet printer web interface Vulnerable: HP LaserJet 2200, 4350, 4600, 5500, and many others Vendor URL: wwwhpcom/ Bug: Multiple Stored XSS Vulnerabilities Exploits: YES Reported: 07042009 Vendor response: 0804 ...

References

CWE-79http://dsecrg.com/pages/vul/show.php?id=148http://secunia.com/advisories/36969http://www.securityfocus.com/bid/36613http://www.vupen.com/english/advisories/2009/2850http://marc.info/?l=bugtraq&m=125493484205823&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/53677http://www.securityfocus.com/archive/1/507038/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/81867/HP-LaserJet-Cross-Site-Scripting.htmlhttps://www.exploit-db.com/exploits/10055/https://support.hp.com/us-en/document/c01841397
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook