CVE-2009-2684

Exploit

EPSS 4.06%
Published 13.10.2009 10:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ Cm8050 Mfp

Hp ≫ Cm8060 Mfp

Hp ≫ Color Laserjet 3000n

Hp ≫ Color Laserjet 3600n

Hp ≫ Color Laserjet 3800n

Hp ≫ Color Laserjet 4700n

Hp ≫ Color Laserjet 4730 Mfp

Hp ≫ Color Laserjet 6040 Mfp

Hp ≫ Color Laserjet Cm4730 Mfp

Hp ≫ Color Laserjet Cp3505

Hp ≫ Color Laserjet Cp4005n

Hp ≫ Color Laserjet Cp6015

Hp ≫ Ds 9200c

Hp ≫ Ds 9250c

Hp ≫ Laserjet 2410

Hp ≫ Laserjet 2420

Hp ≫ Laserjet 2430n

Hp ≫ Laserjet 4240

Hp ≫ Laserjet 4250n

Hp ≫ Laserjet 4345 Mfp

Hp ≫ Laserjet 4350n

Hp ≫ Laserjet 5200n

Hp ≫ Laserjet 9040 Mfp

Hp ≫ Laserjet 9040n

Hp ≫ Laserjet 9050 Mfp

Hp ≫ Laserjet 9050n

Hp ≫ Laserjet M3027 Mfp

Hp ≫ Laserjet M3035 Mfp

Hp ≫ Laserjet M4345x Mfp

Hp ≫ Laserjet M5025 Mfp

Hp ≫ Laserjet M9040 Mpf

Hp ≫ Laserjet M9050 Mpf

Hp ≫ Laserjet P3005n

Hp ≫ Laserjet P4014

Hp ≫ Laserjet P4515

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.06%	0.874

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://dsecrg.com/pages/vul/show.php?id=148

Exploit

http://marc.info/?l=bugtraq&m=125493484205823&w=2

http://secunia.com/advisories/36969

Vendor Advisory

http://www.securityfocus.com/archive/1/507038/100/0/threaded

http://www.securityfocus.com/bid/36613

http://www.vupen.com/english/advisories/2009/2850

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/53677

https://nvd.nist.gov/vuln/detail/CVE-2009-2684

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2684

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2684

EUVD