Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | CM8050 MFP | All versions |
| HP | CM8060 MFP | All versions |
| HP | Color LaserJet 3000N | All versions |
| HP | Color LaserJet 3600N | All versions |
| HP | Color LaserJet 3800N | All versions |
| HP | Color LaserJet 4700N | All versions |
| HP | Color LaserJet 4730 MFP | All versions |
| HP | Color LaserJet 6040 MFP | All versions |
| HP | Color LaserJet CM4730 MFP | All versions |
| HP | Color LaserJet CP3505 | All versions |
| HP | Color LaserJet CP4005N | All versions |
| HP | Color LaserJet CP6015 | All versions |
| HP | DS 9200C | All versions |
| HP | DS 9250C | All versions |
| HP | LaserJet 2410 | All versions |
| HP | LaserJet 2420 | All versions |
| HP | LaserJet 2430N | All versions |
| HP | LaserJet 4240 | All versions |
| HP | LaserJet 4250N | All versions |
| HP | LaserJet 4345 MFP | All versions |
Related Weaknesses (CWE)
References
- http://dsecrg.com/pages/vul/show.php?id=148 (Exploit)
- http://marc.info/?l=bugtraq&m=125493484205823&w=2
- http://secunia.com/advisories/36969 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/507038/100/0/threaded
- http://www.securityfocus.com/bid/36613
- http://www.vupen.com/english/advisories/2009/2850 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53677
FAQ
What is CVE-2009-2684?
CVE-2009-2684 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to...
How severe is CVE-2009-2684?
CVE-2009-2684 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2684?
Check the references section above for vendor advisories and patch information. Affected products include: HP CM8050 MFP, HP CM8060 MFP, HP Color LaserJet 3000N, HP Color LaserJet 3600N, HP Color LaserJet 3800N.