CVE-2009-2684 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
hp	cm8050_mfp	*
hp	cm8060_mfp	*
hp	color_laserjet_3000n	*
hp	color_laserjet_3600n	*
hp	color_laserjet_3800n	*
hp	color_laserjet_4700n	*
hp	color_laserjet_4730_mfp	*
hp	color_laserjet_6040_mfp	*
hp	color_laserjet_cm4730_mfp	*
hp	color_laserjet_cp3505	*
hp	color_laserjet_cp4005n	*
hp	color_laserjet_cp6015	*
hp	ds_9200c	*
hp	ds_9250c	*
hp	laserjet_2410	*
hp	laserjet_2420	*
hp	laserjet_2430n	*
hp	laserjet_4240	*
hp	laserjet_4250n	*
hp	laserjet_4345_mfp	*
hp	laserjet_4350n	*
hp	laserjet_5200n	*
hp	laserjet_9040_mfp	*
hp	laserjet_9040n	*
hp	laserjet_9050_mfp	*
hp	laserjet_9050n	*
hp	laserjet_m3027_mfp	*
hp	laserjet_m3035_mfp	*
hp	laserjet_m4345x_mfp	*
hp	laserjet_m5025_mfp	*
hp	laserjet_m9040_mpf	*
hp	laserjet_m9050_mpf	*
hp	laserjet_p3005n	*
hp	laserjet_p4014	*
hp	laserjet_p4515	*

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://dsecrg.com/pages/vul/show.php?id=148

http://marc.info/?l=bugtraq&m=125493484205823&w=2

http://marc.info/?l=bugtraq&m=125493484205823&w=2

http://secunia.com/advisories/36969

http://www.securityfocus.com/archive/1/507038/100/0/threaded

http://www.securityfocus.com/bid/36613

http://www.vupen.com/english/advisories/2009/2850

https://exchange.xforce.ibmcloud.com/vulnerabilities/53677

http://dsecrg.com/pages/vul/show.php?id=148

http://marc.info/?l=bugtraq&m=125493484205823&w=2

http://marc.info/?l=bugtraq&m=125493484205823&w=2

http://secunia.com/advisories/36969

http://www.securityfocus.com/archive/1/507038/100/0/threaded

http://www.securityfocus.com/bid/36613

http://www.vupen.com/english/advisories/2009/2850

https://exchange.xforce.ibmcloud.com/vulnerabilities/53677