Cross-Site Scripting Vulnerabilities in Brother MFC-9970CDW Printer
CVE-2013-2671

Currently unrated

Key Information:

Vendor: Brother
Status: Mfc-9970cdw Firmware; Mfc-9970cdw
Vendor: CVE Published:; 14 March 2014

What is CVE-2013-2671?

The Brother MFC-9970CDW printer is affected by multiple Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary web scripts or HTML. This can be achieved through the manipulation of specific parameters in the administrative interface. Attackers can exploit this vulnerability by sending specially crafted requests targeting 'admin/admin_main.html', 'admin/profile_settings_net.html', and 'fax/general_setup.html'. This opens avenues for unauthorized actions or data exposure, thereby posing significant security risks to users.

References

http://www.cloudscan.me/2013/05/xss-javascript-injection-...

x_refsource_MISC

http://osvdb.org/93092

vdb-entryx_refsource_OSVDB

http://packetstormsecurity.com/files/121553/Brother-MFC-9...

x_refsource_MISC

Timeline

Vulnerability published
Mar 14, 2014
Vulnerability Reserved
Mar 22, 2013

JSON