HP LaserJet Improper Neutralization of Input During Web Page Generation (CVE-2009-2684)
Multiple cross-site scripting XSS vulnerabilities in Jetdirect and the Embedded Web Server EWS on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the 1 ProductURL or 2 TechURL parameter in an Apply action t...