Cross-Site Scripting Vulnerabilities in Brother MFC-9970CDW Printer
CVE-2013-2507

Currently unrated

Key Information:

Vendor: Brother
Status: Mfc-9970cdw Firmware; Mfc-9970cdw
Vendor: CVE Published:; 14 March 2014

What is CVE-2013-2507?

Multiple cross-site scripting vulnerabilities exist in the Brother MFC-9970CDW printer with firmware version G (1.03). These vulnerabilities allow remote attackers to inject arbitrary web script or HTML by exploiting the 'id' parameter in the admin/log_to_net.html interface as well as the 'kind' parameter in fax/copy_settings.html. Successful exploitation can lead to unauthorized actions or the exposure of sensitive information.

References

http://www.cloudscan.me/2013/05/xss-javascript-injection-...

x_refsource_MISC

http://packetstormsecurity.com/files/121553/Brother-MFC-9...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/84096

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 14, 2014
Vulnerability Reserved
Mar 8, 2013

JSON