Vulnerability CVE-2009-2684
Published: 2009-10-13   Modified: 2012-02-13

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

See advisories in our WLB2 database:
Topic
Author
Date
Low
HP LaserJet printers - Multiple Stored XSS vulnerabilities
DSecRG
14.10.2009

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
HP -> Laserjet m9050 mpf 
HP -> Laserjet 2420 
HP -> Laserjet p3005n 
HP -> Cm8050 mfp 
HP -> Laserjet 2430n 
HP -> Laserjet p4014 
HP -> Cm8060 mfp 
HP -> Laserjet 4240 
HP -> Laserjet p4515 
HP -> Color laserjet 3000n 
HP -> Laserjet 4250n 
HP -> Color laserjet 3600n 
HP -> Laserjet 4345 mfp 
HP -> Color laserjet 3800n 
HP -> Laserjet 4350n 
HP -> Color laserjet 4700n 
HP -> Laserjet 5200n 
HP -> Color laserjet 4730 mfp 
HP -> Laserjet 9040 mfp 
HP -> Color laserjet 6040 mfp 
HP -> Laserjet 9040n 
HP -> Color laserjet cm4730 mfp 
HP -> Laserjet 9050 mfp 
HP -> Color laserjet cp3505 
HP -> Laserjet 9050n 
HP -> Color laserjet cp4005n 
HP -> Laserjet m3027 mfp 
HP -> Color laserjet cp6015 
HP -> Laserjet m3035 mfp 
HP -> Ds 9200c 
HP -> Laserjet m4345x mfp 
HP -> Ds 9250c 
HP -> Laserjet m5025 mfp 
HP -> Laserjet 2410 
HP -> Laserjet m9040 mpf 

 References:
http://dsecrg.com/pages/vul/show.php?id=148
http://marc.info/?l=bugtraq&m=125493484205823&w=2
http://www.securityfocus.com/archive/1/507038/100/0/threaded
http://www.securityfocus.com/bid/36613
http://www.vupen.com/english/advisories/2009/2850
https://exchange.xforce.ibmcloud.com/vulnerabilities/53677
Copyright 2024, cxsecurity.com

 

Back to Top