← Back

CVE-2009-2684

nvd nist
Published: Oct 13, 2009Modified: Apr 23, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

Affected (35)

Hp
35 products
Cm8050 Mfp
Cm8060 Mfp
Color Laserjet 3000n
Color Laserjet 3600n
Color Laserjet 3800n
Color Laserjet 4700n
Color Laserjet 4730 Mfp
Color Laserjet 6040 Mfp
Color Laserjet Cm4730 Mfp
Color Laserjet Cp3505
Color Laserjet Cp4005n
Color Laserjet Cp6015
Ds 9200c
Ds 9250c
Laserjet 2410
Laserjet 2420
Laserjet 2430n
Laserjet 4240
Laserjet 4250n
Laserjet 4345 Mfp
Laserjet 4350n
Laserjet 5200n
Laserjet 9040 Mfp
Laserjet 9040n
Laserjet 9050 Mfp
Laserjet 9050n
Laserjet M3027 Mfp
Laserjet M3035 Mfp
Laserjet M4345x Mfp
Laserjet M5025 Mfp
Laserjet M9040 Mpf
Laserjet M9050 Mpf
Laserjet P3005n
Laserjet P4014
Laserjet P4515
Configuration A
35 vulnerable
Vulnerable SoftwareAffected Versions
Cm8050 Mfp
All versions
Cm8060 Mfp
All versions
Color Laserjet 3000n
All versions
Color Laserjet 3600n
All versions
Color Laserjet 3800n
All versions
Color Laserjet 4700n
All versions
Color Laserjet 4730 Mfp
All versions
Color Laserjet 6040 Mfp
All versions
Color Laserjet Cm4730 Mfp
All versions
Color Laserjet Cp3505
All versions
Color Laserjet Cp4005n
All versions
Color Laserjet Cp6015
All versions
Ds 9200c
All versions
Ds 9250c
All versions
Laserjet 2410
All versions
Laserjet 2420
All versions
Laserjet 2430n
All versions
Laserjet 4240
All versions
Laserjet 4250n
All versions
Laserjet 4345 Mfp
All versions
Laserjet 4350n
All versions
Laserjet 5200n
All versions
Laserjet 9040 Mfp
All versions
Laserjet 9040n
All versions
Laserjet 9050 Mfp
All versions
Laserjet 9050n
All versions
Laserjet M3027 Mfp
All versions
Laserjet M3035 Mfp
All versions
Laserjet M4345x Mfp
All versions
Laserjet M5025 Mfp
All versions
Laserjet M9040 Mpf
All versions
Laserjet M9050 Mpf
All versions
Laserjet P3005n
All versions
Laserjet P4014
All versions
Laserjet P4515
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (14)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.