CVE-2013-2670

Summary

CVE	CVE-2013-2670
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-03-14 14:55:00 UTC
Updated	2017-08-29 01:33:00 UTC
Description	Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Brother	Mfc-9970cdw	-	All	All	All
Hardware	Brother	Mfc-9970cdw	-	All	All	All
Operating System	Brother	Mfc-9970cdw Firmware	g(1.03)	All	All	All
Operating System	Brother	Mfc-9970cdw Firmware	g\(1.03\)	All	All	All
Operating System	Brother	Mfc-9970cdw Firmware	l(1.10)	All	All	All
Operating System	Brother	Mfc-9970cdw Firmware	l\(1.10\)	All	All	All
Operating System	Brother	Mfc-9970cdw Firmware	g\(1.03\)	All	All	All
Operating System	Brother	Mfc-9970cdw Firmware	l\(1.10\)	All	All	All

References

Reference	Source	Link	Tags
93068	OSVDB	osvdb.org
XSS.CX Blog: XSS, Javascript Injection, Brother MFC-9970CDW Printer Firmware L, 0D	MISC	www.cloudscan.me	Exploit
osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html	MISC	osvdb.org	Exploit
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html	MISC	osvdb.org	Exploit
Brother MFC-9970CDW Firmware 0D Cross Site Scripting ≈ Packet Storm	MISC	packetstormsecurity.com	Exploit
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.