Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2684

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

Published

2009-10-13T10:30:00.280

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	hp	cm8050_mfp	*	Yes
Hardware	hp	cm8060_mfp	*	Yes
Hardware	hp	color_laserjet_3000n	*	Yes
Hardware	hp	color_laserjet_3600n	*	Yes
Hardware	hp	color_laserjet_3800n	*	Yes
Hardware	hp	color_laserjet_4700n	*	Yes
Hardware	hp	color_laserjet_4730_mfp	*	Yes
Hardware	hp	color_laserjet_6040_mfp	*	Yes
Hardware	hp	color_laserjet_cm4730_mfp	*	Yes
Hardware	hp	color_laserjet_cp3505	*	Yes
Hardware	hp	color_laserjet_cp4005n	*	Yes
Hardware	hp	color_laserjet_cp6015	*	Yes
Hardware	hp	ds_9200c	*	Yes
Hardware	hp	ds_9250c	*	Yes
Hardware	hp	laserjet_2410	*	Yes
Hardware	hp	laserjet_2420	*	Yes
Hardware	hp	laserjet_2430n	*	Yes
Hardware	hp	laserjet_4240	*	Yes
Hardware	hp	laserjet_4250n	*	Yes
Hardware	hp	laserjet_4345_mfp	*	Yes
Hardware	hp	laserjet_4350n	*	Yes
Hardware	hp	laserjet_5200n	*	Yes
Hardware	hp	laserjet_9040_mfp	*	Yes
Hardware	hp	laserjet_9040n	*	Yes
Hardware	hp	laserjet_9050_mfp	*	Yes
Hardware	hp	laserjet_9050n	*	Yes
Hardware	hp	laserjet_m3027_mfp	*	Yes
Hardware	hp	laserjet_m3035_mfp	*	Yes
Hardware	hp	laserjet_m4345x_mfp	*	Yes
Hardware	hp	laserjet_m5025_mfp	*	Yes
Hardware	hp	laserjet_m9040_mpf	*	Yes
Hardware	hp	laserjet_m9050_mpf	*	Yes
Hardware	hp	laserjet_p3005n	*	Yes
Hardware	hp	laserjet_p4014	*	Yes
Hardware	hp	laserjet_p4515	*	Yes

References

http://dsecrg.com/pages/vul/show.php?id=148 Exploit ([email protected])
http://marc.info/?l=bugtraq&m=125493484205823&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=125493484205823&w=2 ([email protected])
http://secunia.com/advisories/36969 Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/507038/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/36613 ([email protected])
http://www.vupen.com/english/advisories/2009/2850 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/53677 ([email protected])
http://dsecrg.com/pages/vul/show.php?id=148 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=125493484205823&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=125493484205823&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36969 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507038/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36613 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/2850 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53677 (af854a3a-2127-422b-91ae-364da2661108)