CVE-2013-2671

Summary

CVE	CVE-2013-2671
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-03-14 14:55:00 UTC
Updated	2017-08-29 01:33:00 UTC
Description	Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Brother	Mfc-9970cdw	-	All	All	All
Hardware	Brother	Mfc-9970cdw	-	All	All	All
Operating System	Brother	Mfc-9970cdw Firmware	l(1.10)	All	All	All
Operating System	Brother	Mfc-9970cdw Firmware	l\(1.10\)	All	All	All
Operating System	Brother	Mfc-9970cdw Firmware	l\(1.10\)	All	All	All

References

Reference	Source	Link	Tags
XSS.CX Blog: XSS, Javascript Injection, Brother MFC-9970CDW Printer Firmware L, 0D	MISC	www.cloudscan.me	Exploit
93093	OSVDB	osvdb.org
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
93092	OSVDB	osvdb.org
osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html	MISC	osvdb.org	Exploit
Brother MFC-9970CDW Firmware 0D Cross Site Scripting ≈ Packet Storm	MISC	packetstormsecurity.com	Exploit
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.