Cross-Site Scripting Vulnerabilities in HP LaserJet Printers and Digital Senders
CVE-2009-2684

Currently unrated

Key Information:

Vendor

HP
Status
Laserjet 5200n
Laserjet 9050n
Cm8060 Mfp
Color Laserjet Cp3505
Vendor
CVE Published:
13 October 2009

What is CVE-2009-2684?

Multiple cross-site scripting (XSS) vulnerabilities exist in Jetdirect and the Embedded Web Server (EWS) of specific HP LaserJet and Color LaserJet printers, as well as HP Digital Senders. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through the 'Product_URL' or 'Tech_URL' parameters in an Apply action on the support_param.html/config script. Exploiting these vulnerabilities could lead to unauthorized actions and data exposure, highlighting the need for users to implement appropriate security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/36613
vdb-entryx_refsource_BID
http://dsecrg.com/pages/vul/show.php?id=148
x_refsource_MISC
http://www.vupen.com/english/advisories/2009/2850
vdb-entryx_refsource_VUPEN

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.