CVE-2009-2684

Severity: Unknown | EPSS: 2.21%

CVE-2009-2684 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script. EPSS estimates a 2.21% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

Metrics

EPSS Probability: 2.21% (80.4th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
HP | Cm8050 Mfp | All versions
HP | Cm8060 Mfp | All versions
HP | Color Laserjet 3000n | All versions
HP | Color Laserjet 3600n | All versions
HP | Color Laserjet 3800n | All versions
HP | Color Laserjet 4700n | All versions
HP | Color Laserjet 4730 Mfp | All versions
HP | Color Laserjet 6040 Mfp | All versions
HP | Color Laserjet Cm4730 Mfp | All versions
HP | Color Laserjet Cp3505 | All versions
HP | Color Laserjet Cp4005n | All versions
HP | Color Laserjet Cp6015 | All versions
HP | Ds 9200c | All versions
HP | Ds 9250c | All versions
HP | Laserjet 2410 | All versions
HP | Laserjet 2420 | All versions
HP | Laserjet 2430n | All versions
HP | Laserjet 4240 | All versions
HP | Laserjet 4250n | All versions
HP | Laserjet 4345 Mfp | All versions
HP | Laserjet 4350n | All versions
HP | Laserjet 5200n | All versions
HP | Laserjet 9040 Mfp | All versions
HP | Laserjet 9040n | All versions
HP | Laserjet 9050 Mfp | All versions
HP | Laserjet 9050n | All versions
HP | Laserjet M3027 Mfp | All versions
HP | Laserjet M3035 Mfp | All versions
HP | Laserjet M4345x Mfp | All versions
HP | Laserjet M5025 Mfp | All versions
HP | Laserjet M9040 Mpf | All versions
HP | Laserjet M9050 Mpf | All versions
HP | Laserjet P3005n | All versions
HP | Laserjet P4014 | All versions
HP | Laserjet P4515 | All versions

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2009-2684?
Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.
How severe is CVE-2009-2684?
Severity scoring for CVE-2009-2684 is pending analysis. The EPSS model estimates a 2.21% probability of exploitation in the next 30 days.
How do I fix CVE-2009-2684?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST