Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote malicious users to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hp laserjet 2410 |
||
hp laserjet 2420 |
||
hp color laserjet cm4730 mfp |
||
hp laserjet 9040 mfp |
||
hp laserjet m9050 mpf |
||
hp laserjet m3035 mfp |
||
hp laserjet 4240 |
||
hp laserjet p4515 |
||
hp laserjet 2430n |
||
hp laserjet 4250n |
||
hp laserjet 9050 mfp |
||
hp laserjet 4345 mfp |
||
hp laserjet m3027 mfp |
||
hp cm8050 mfp |
||
hp laserjet p4014 |
||
hp color laserjet 3000n |
||
hp color laserjet 3800n |
||
hp laserjet 4350n |
||
hp laserjet 5200n |
||
hp laserjet m4345x mfp |
||
hp laserjet m5025 mfp |
||
hp cm8060 mfp |
||
hp laserjet 9040n |
||
hp color laserjet cp3505 |
||
hp color laserjet 3600n |
||
hp color laserjet cp4005n |
||
hp color laserjet 4700n |
||
hp laserjet 9050n |
||
hp color laserjet 4730 mfp |
||
hp color laserjet cp6015 |
||
hp color laserjet 6040 mfp |
||
hp laserjet m9040 mpf |
||
hp ds 9200c |
||
hp ds 9250c |
||
hp laserjet p3005n |