CVE-2009-2684

{"id": "CVE-2009-2684", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-10-13T10:30:00.280", "references": [{"url": "http://dsecrg.com/pages/vul/show.php?id=148", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=125493484205823&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36969", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/507038/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36613", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2850", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53677", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Jetdirect y Embedded Web Server (EWS) sobre ciertas HP LaserJet e impresoras Color LaserJet, y HP Digital Senders, permiten a atacantes remotos inyectar c\u00f3digo web o HTML a su elecci\u00f3n a trav\u00e9s de (1) Product_URL o (2)par\u00e1metro Tech_URL en una acci\u00f3n Apply en el c\u00f3digo support_param.html/config."}], "lastModified": "2018-10-10T19:41:38.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:cm8050_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "009EBEE6-1863-4E6B-BB73-8FB1168AD164"}, {"criteria": "cpe:2.3:h:hp:cm8060_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDC795DF-7811-461F-8F50-60E00C8EBD69"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_3000n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2916ED3C-57AF-4DE9-9329-DDA66AD983AF"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_3600n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0714BB6-5CB9-42FD-B534-A7BF74F83EF0"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_3800n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "388C4301-9BC1-43EB-8C8F-862D5D5916A5"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_4700n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD166E1F-3A57-4293-AF22-373FB2784FDC"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_4730_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12F0604C-781B-4E69-A88E-C25492CB163C"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_6040_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EDAC0E8-889C-4E76-AC6C-B9A6B0D792FC"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cm4730_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E646E2D7-7C65-4A6F-8B51-A6119B512837"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cp3505:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B67E71C7-6B28-4326-AFC9-8CA09532C286"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cp4005n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EF8ACEA-FB3F-40EA-81C6-29EF9FCFB302"}, {"criteria": "cpe:2.3:h:hp:color_laserjet_cp6015:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5994179E-E492-45D8-95F8-790160D9A0BF"}, {"criteria": "cpe:2.3:h:hp:ds_9200c:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "341EE50F-0CD3-401A-B429-3B2EFE285036"}, {"criteria": "cpe:2.3:h:hp:ds_9250c:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA39BF1D-283E-4049-91C9-B93C93432DA4"}, {"criteria": "cpe:2.3:h:hp:laserjet_2410:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92DD1DA2-7210-4A7E-BD37-5365935C7BF6"}, {"criteria": "cpe:2.3:h:hp:laserjet_2420:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2505387C-7739-4EFE-8973-459412727674"}, {"criteria": "cpe:2.3:h:hp:laserjet_2430n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D6F7DE2-1A67-4389-99A9-C6796025E000"}, {"criteria": "cpe:2.3:h:hp:laserjet_4240:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23DD9E6F-1F64-4643-B8E5-B3CAB5F961B4"}, {"criteria": "cpe:2.3:h:hp:laserjet_4250n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF512AA5-F72B-470F-BA53-8EC6851F2F34"}, {"criteria": "cpe:2.3:h:hp:laserjet_4345_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ADF801E-6D02-4CDF-AA6F-9F272D341E1C"}, {"criteria": "cpe:2.3:h:hp:laserjet_4350n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ED3264A-7745-4BB7-9D1B-F7D9560788D7"}, {"criteria": "cpe:2.3:h:hp:laserjet_5200n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DFA350C-6631-4474-8FFD-D439234D2D1F"}, {"criteria": "cpe:2.3:h:hp:laserjet_9040_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5352B3B-71D5-464E-B124-6FFC41F41B32"}, {"criteria": "cpe:2.3:h:hp:laserjet_9040n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87632290-99A8-4E9F-9FA5-F497DE690837"}, {"criteria": "cpe:2.3:h:hp:laserjet_9050_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FDA57B8-2AD5-45EF-9824-E60EBFF71D86"}, {"criteria": "cpe:2.3:h:hp:laserjet_9050n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38237939-9DE0-4CDE-916B-E0F822975773"}, {"criteria": "cpe:2.3:h:hp:laserjet_m3027_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE95CC32-07DA-473D-BDAC-347B137E582A"}, {"criteria": "cpe:2.3:h:hp:laserjet_m3035_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEC3DE1F-AA79-4FE8-B634-368BDF14C0B9"}, {"criteria": "cpe:2.3:h:hp:laserjet_m4345x_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7995CEA-25BF-45A1-B166-B4A962FCB5CE"}, {"criteria": "cpe:2.3:h:hp:laserjet_m5025_mfp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55C69873-A989-4B66-8D28-67A260EC7A4E"}, {"criteria": "cpe:2.3:h:hp:laserjet_m9040_mpf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C793A8D-5C58-481A-A253-4704A7EE29CD"}, {"criteria": "cpe:2.3:h:hp:laserjet_m9050_mpf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E6F181F-3AB7-409D-B32F-8B09B6DDA110"}, {"criteria": "cpe:2.3:h:hp:laserjet_p3005n:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88D04BDC-9273-4A09-BED4-18E44E99EBCF"}, {"criteria": "cpe:2.3:h:hp:laserjet_p4014:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "222D062D-1F47-4E21-9173-A5AFEEF66482"}, {"criteria": "cpe:2.3:h:hp:laserjet_p4515:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A71AB74-7F6B-4B0F-8C52-F12187A6788A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}