Unrated severityNVD Advisory· Published Oct 13, 2009· Updated Apr 23, 2026

CVE-2009-2684

Description

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

Affected products

HP/Cm8050 Mfp
cpe:2.3:h:hp:cm8050_mfp:*:*:*:*:*:*:*:*
HP/Cm8060 Mfp
cpe:2.3:h:hp:cm8060_mfp:*:*:*:*:*:*:*:*
HP/Color Laserjet 3000n
cpe:2.3:h:hp:color_laserjet_3000n:*:*:*:*:*:*:*:*
HP/Color Laserjet 3600n
cpe:2.3:h:hp:color_laserjet_3600n:*:*:*:*:*:*:*:*
HP/Color Laserjet 3800n
cpe:2.3:h:hp:color_laserjet_3800n:*:*:*:*:*:*:*:*
HP/Color Laserjet 4700n
cpe:2.3:h:hp:color_laserjet_4700n:*:*:*:*:*:*:*:*
HP/Color Laserjet 4730 Mfp
cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*
HP/Color Laserjet 6040 Mfp
cpe:2.3:h:hp:color_laserjet_6040_mfp:*:*:*:*:*:*:*:*
HP/Color Laserjet Cm4730 Mfp
cpe:2.3:h:hp:color_laserjet_cm4730_mfp:*:*:*:*:*:*:*:*
HP/Color Laserjet Cp3505
cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*
HP/Color Laserjet Cp4005n
cpe:2.3:h:hp:color_laserjet_cp4005n:*:*:*:*:*:*:*:*
HP/Color Laserjet Cp6015
cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*
HP/Ds 9200c
cpe:2.3:h:hp:ds_9200c:*:*:*:*:*:*:*:*
HP/Ds 9250c
cpe:2.3:h:hp:ds_9250c:*:*:*:*:*:*:*:*
HP/Laserjet 2410
cpe:2.3:h:hp:laserjet_2410:*:*:*:*:*:*:*:*
HP/Laserjet 2420
cpe:2.3:h:hp:laserjet_2420:*:*:*:*:*:*:*:*
HP/Laserjet 2430n
cpe:2.3:h:hp:laserjet_2430n:*:*:*:*:*:*:*:*
HP/Laserjet 4240
cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*
HP/Laserjet 4250n
cpe:2.3:h:hp:laserjet_4250n:*:*:*:*:*:*:*:*
HP/Laserjet 4345mfp
cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*
HP/Laserjet 4350n
cpe:2.3:h:hp:laserjet_4350n:*:*:*:*:*:*:*:*
HP/Laserjet 5200n
cpe:2.3:h:hp:laserjet_5200n:*:*:*:*:*:*:*:*
HP/Laserjet 9040mfp
cpe:2.3:h:hp:laserjet_9040_mfp:*:*:*:*:*:*:*:*
HP/Laserjet 9040n
cpe:2.3:h:hp:laserjet_9040n:*:*:*:*:*:*:*:*
HP/Laserjet 9050mfp
cpe:2.3:h:hp:laserjet_9050_mfp:*:*:*:*:*:*:*:*
HP/Laserjet 9050n
cpe:2.3:h:hp:laserjet_9050n:*:*:*:*:*:*:*:*
HP/Laserjet M3027 Mfp
cpe:2.3:h:hp:laserjet_m3027_mfp:*:*:*:*:*:*:*:*
HP/Laserjet M3035 Mfp
cpe:2.3:h:hp:laserjet_m3035_mfp:*:*:*:*:*:*:*:*
HP/Laserjet M4345x Mfp
cpe:2.3:h:hp:laserjet_m4345x_mfp:*:*:*:*:*:*:*:*
HP/Laserjet M5025 Mfp
cpe:2.3:h:hp:laserjet_m5025_mfp:*:*:*:*:*:*:*:*
HP/Laserjet M9040 Mpf
cpe:2.3:h:hp:laserjet_m9040_mpf:*:*:*:*:*:*:*:*
HP/Laserjet M9050 Mpf
cpe:2.3:h:hp:laserjet_m9050_mpf:*:*:*:*:*:*:*:*
HP/Laserjet P3005n
cpe:2.3:h:hp:laserjet_p3005n:*:*:*:*:*:*:*:*
HP/Laserjet P4014
cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*
HP/Laserjet P4515
cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dsecrg.com/pages/vul/show.phpnvdExploit
secunia.com/advisories/36969nvdVendor Advisory
www.vupen.com/english/advisories/2009/2850nvdVendor Advisory
marc.infonvd
www.securityfocus.com/archive/1/507038/100/0/threadednvd
www.securityfocus.com/bid/36613nvd
exchange.xforce.ibmcloud.com/vulnerabilities/53677nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000