Cross-Site Scripting Vulnerabilities in HP LaserJet Printers and Digital Senders
CVE-2009-2684

Currently unrated

Key Information:

Vendor: HP
Status: Laserjet 5200n; Laserjet 9050n; Cm8060 Mfp; Color Laserjet Cp3505
Vendor: CVE Published:; 13 October 2009

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in Jetdirect and the Embedded Web Server (EWS) of specific HP LaserJet and Color LaserJet printers, as well as HP Digital Senders. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through the 'Product_URL' or 'Tech_URL' parameters in an Apply action on the support_param.html/config script. Exploiting these vulnerabilities could lead to unauthorized actions and data exposure, highlighting the need for users to implement appropriate security measures.

References

http://www.securityfocus.com/bid/36613

vdb-entryx_refsource_BID

http://dsecrg.com/pages/vul/show.php?id=148

x_refsource_MISC

http://www.vupen.com/english/advisories/2009/2850

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Oct 13, 2009
Vulnerability Reserved
Aug 5, 2009