CVE-2009-2684

Currently unrated

Key Information:

Vendor: HP
Status: Laserjet 5200n; Laserjet 9050n; Cm8060 Mfp; Color Laserjet Cp3505
Vendor: CVE Published:; 13 October 2009

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

References

http://www.securityfocus.com/bid/36613

vdb-entryx_refsource_BID

http://dsecrg.com/pages/vul/show.php?id=148

x_refsource_MISC

http://www.vupen.com/english/advisories/2009/2850

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Oct 13, 2009
Vulnerability Reserved
Aug 5, 2009