CVE-2009-2684

HP Printers - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Digital Security Research Group · textremotehardware

https://www.exploit-db.com/exploits/10011

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by sh2kerr · textremotehardware

https://www.exploit-db.com/exploits/10055

View Code ZIP pw:eip

References (7)

[Exploit] http://dsecrg.com/pages/vul/show.php?id=148

[Mailing List] http://marc.info/?l=bugtraq&m=125493484205823&w=2

[Vendor Advisory] http://secunia.com/advisories/36969

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/2850

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53677

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/507038/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36613

Scores

EPSS 0.0650

EPSS Percentile 91.0%

Classification

CWE

CWE-79

Status published

Affected Products (36)

hp/cm8050_mfp

hp/cm8060_mfp

hp/color_laserjet_3000n

hp/color_laserjet_3600n

hp/color_laserjet_3800n

hp/color_laserjet_4700n

hp/color_laserjet_4730_mfp

hp/color_laserjet_6040_mfp

hp/color_laserjet_cm4730_mfp

hp/color_laserjet_cp3505

hp/color_laserjet_cp4005n

hp/color_laserjet_cp6015

hp/ds_9200c

hp/ds_9250c

hp/laserjet_2410

... and 21 more

Timeline

Published Oct 13, 2009

Tracked Since Feb 18, 2026