Cross-Site Scripting Vulnerability in Brother MFC-9970CDW Printer
CVE-2013-2670

Currently unrated

Key Information:

Vendor: Brother
Status: Mfc-9970cdw Firmware; Mfc-9970cdw
Vendor: CVE Published:; 14 March 2014

What is CVE-2013-2670?

The Brother MFC-9970CDW printer is susceptible to a Cross-Site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML. This security flaw is exploited through the 'QUERY_STRING' parameter when interacting with the 'admin/admin_main.html' interface. Impacted firmware versions G (1.03) and L (1.10) expose users to potential unauthorized access, emphasizing the necessity of prompt firmware updates to mitigate associated risks.

References

http://www.cloudscan.me/2013/05/xss-javascript-injection-...

x_refsource_MISC

http://packetstormsecurity.com/files/121553/Brother-MFC-9...

x_refsource_MISC

http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v1...

x_refsource_MISC

Timeline

Vulnerability published
Mar 14, 2014
Vulnerability Reserved
Mar 22, 2013

JSON