cvelistv5 - cve-2013-2670

CVE-2013-2670 (GCVE-0-2013-2670)

Vulnerability from cvelistv5 – Published: 2014-03-14 14:00 – Updated: 2024-08-06 15:44

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.cloudscan.me/2013/05/xss-javascript-in…	x_refsource_MISC
	http://packetstormsecurity.com/files/121553/Broth…	x_refsource_MISC
	http://osvdb.org/ref/93/brother-mfc-9970cdw-firmw…	x_refsource_MISC
	http://osvdb.org/93068	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/ref/93/brother-mfc9970cdw-firmwa…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:33.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
          },
          {
            "name": "93068",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93068"
          },
          {
            "name": "brothermfc9970cdw-cve20132670-xss(84095)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
        },
        {
          "name": "93068",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93068"
        },
        {
          "name": "brothermfc9970cdw-cve20132670-xss(84095)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2670",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html",
              "refsource": "MISC",
              "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
            },
            {
              "name": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html",
              "refsource": "MISC",
              "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
            },
            {
              "name": "93068",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93068"
            },
            {
              "name": "brothermfc9970cdw-cve20132670-xss(84095)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
            },
            {
              "name": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html",
              "refsource": "MISC",
              "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2670",
    "datePublished": "2014-03-14T14:00:00",
    "dateReserved": "2013-03-22T00:00:00",
    "dateUpdated": "2024-08-06T15:44:33.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:brother:mfc-9970cdw_firmware:g\\\\(1.03\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"280824FC-40F6-42CE-A4FC-B8903E87ED18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:brother:mfc-9970cdw_firmware:l\\\\(1.10\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"886F6FB8-AB3B-4737-8329-D282E1820D97\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B644877-9329-447A-9DB0-4F369F23194A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en la impresora Brother MFC-9970CDW con firmware G (1.03) y L (1.10) permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\\u00e9s de un par\\u00e1metro name (QUERY_STRING) arbitrario hacia admin/admin_main.html, una vulnerabilidad diferente a CVE-2013-2507 y CVE-2013-2671.\"}]",
      "id": "CVE-2013-2670",
      "lastModified": "2024-11-21T01:52:07.553",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-03-14T14:55:04.280",
      "references": "[{\"url\": \"http://osvdb.org/93068\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/84095\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/93068\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/84095\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-2670\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-03-14T14:55:04.280\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en la impresora Brother MFC-9970CDW con firmware G (1.03) y L (1.10) permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro name (QUERY_STRING) arbitrario hacia admin/admin_main.html, una vulnerabilidad diferente a CVE-2013-2507 y CVE-2013-2671.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:brother:mfc-9970cdw_firmware:g\\\\(1.03\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280824FC-40F6-42CE-A4FC-B8903E87ED18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:brother:mfc-9970cdw_firmware:l\\\\(1.10\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"886F6FB8-AB3B-4737-8329-D282E1820D97\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B644877-9329-447A-9DB0-4F369F23194A\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/93068\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/84095\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/93068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/84095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2013-2670

Vulnerability from fkie_nvd - Published: 2014-03-14 14:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/93068
cve@mitre.org	http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html	Exploit
cve@mitre.org	http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html	Exploit
cve@mitre.org	http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html	Exploit
cve@mitre.org	http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/84095
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/93068
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/84095

Impacted products

Vendor	Product	Version
brother	mfc-9970cdw_firmware	g\(1.03\)
brother	mfc-9970cdw_firmware	l\(1.10\)
brother	mfc-9970cdw	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:brother:mfc-9970cdw_firmware:g\\(1.03\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "280824FC-40F6-42CE-A4FC-B8903E87ED18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:brother:mfc-9970cdw_firmware:l\\(1.10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "886F6FB8-AB3B-4737-8329-D282E1820D97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B644877-9329-447A-9DB0-4F369F23194A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la impresora Brother MFC-9970CDW con firmware G (1.03) y L (1.10) permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro name (QUERY_STRING) arbitrario hacia admin/admin_main.html, una vulnerabilidad diferente a CVE-2013-2507 y CVE-2013-2671."
    }
  ],
  "id": "CVE-2013-2670",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-14T14:55:04.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/93068"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/93068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-Q8GX-X8QV-PR28

Vulnerability from github – Published: 2022-05-17 01:35 – Updated: 2022-05-17 01:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-2670"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-14T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.",
  "id": "GHSA-q8gx-x8qv-pr28",
  "modified": "2022-05-17T01:35:58Z",
  "published": "2022-05-17T01:35:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2670"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/93068"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
    },
    {
      "type": "WEB",
      "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201403-0045

Vulnerability from variot - Updated: 2023-12-18 12:38

Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. The /admin/admin_main.html script included with the Brother MFC-9970CDW incorrectly filters data submitted by users to the 'signedpdf' and 'websettings' parameters, allowing remote attackers to exploit vulnerabilities for cross-site scripting attacks, to obtain sensitive information or to hijack user sessions. A remote attacker can exploit a vulnerability to gain sensitive information or hijack a user's session. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Brother MFC-9970CDW version 1.10 firmware G and firmware L are vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

=========================================

Brother MFC-9970CDW Firmware 0D

Date: Jan. 13, 2013

URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

=========================================

Keywords

=========================================

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW

CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676

=========================================

Summary

=========================================

A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.

=========================================

Overview

=========================================

Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies. It produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs \x96 making this all-in-one a smart choice for a business or workgroup.

=========================================

The Bug

=========================================

Reflected Cross Site Scripting, CWE-79

=========================================

Vulnerable Parameters = id , val, kind + Query String

Signature = ">alert(1)

=========================================

Version Identification

=========================================

Brother MFC-9970CDW - Version Identification - Firmware \x93L\x94 Version 1.10

Brother MFC-9970CDW - Version Identification - Firmware \x93G\x94

=========================================

PoC

=========================================

PoC URL

http://my.vulnerable.printer/admin/admin_main.html?id=websettings"> alert(1)

=========================================

CVE Information

=========================================

CVE-2013-2507 is specific to Firmware G.

XSS at:

admin/admin_main.html name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:

Cleartext submission of password CVE-2013-2672

Password field with autocomplete enabled CVE-2013-2673

Cross-domain Referer leakage CVE-2013-2674

Frameable response (Clickjacking) CVE-2013-2675

Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline

Attempt contact via e-mail in January 2013.

Call the Toll Free Support Line in March 2013.

Callback from Vendor in April 2013.

E-mail sent to Vendor in April 2013.

VENDOR UNRESPONSIVE

Published May 3, 2013

Hoyt LLC Research Public Domain Report

http://xss.cx/

=========================================

END

=========================================

-----BEGIN PGP SIGNATURE----- Version: 10.2.0.2526

wsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx 1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv AIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb 4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8 nSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG VQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg== =Ua1o -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0045",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "brother",
        "version": "g\\(1.03\\)"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "brother",
        "version": "l\\(1.10\\)"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "brother",
        "version": null
      },
      {
        "model": "mfc-9970cdw l",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw",
        "scope": null,
        "trust": 0.8,
        "vendor": "brother industry",
        "version": null
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industry",
        "version": "g (1.03)"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industry",
        "version": "l (1.10)"
      },
      {
        "model": "mfc-9970cdw g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "brother",
        "version": "1.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:l\\(1.10\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:g\\(1.03\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hoyt LLC",
    "sources": [
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2670",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-2670",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-05291",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-62672",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2670",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-05291",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-203",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-62672",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. The /admin/admin_main.html script included with the Brother MFC-9970CDW incorrectly filters data submitted by users to the \u0027signedpdf\u0027 and \u0027websettings\u0027 parameters, allowing remote attackers to exploit vulnerabilities for cross-site scripting attacks, to obtain sensitive information or to hijack user sessions. A remote attacker can exploit a vulnerability to gain sensitive information or hijack a user\u0027s session. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nBrother MFC-9970CDW version 1.10 firmware G and firmware L are vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=========================================\n\nBrother MFC-9970CDW Firmware 0D\n\nDate: Jan. 13, 2013\n\nURL:\nhttp://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\n\n=========================================\n\nKeywords\n\n=========================================\n\nXSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,\nZero Day, Brother MFC-9970 CDW\n\nCVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,\nCVE-2013-2674, CVE-2013-2675, CVE-2013-2676\n\n=========================================\n\nSummary\n\n=========================================\n\nA Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in\nJanuary 2013. This document will introduce and discuss the vulnerability\nand provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware\nL Version 1.10 Released on July 9, 2012, and prior versions. \n\n=========================================\n\nOverview\n\n=========================================\n\nBrother Industries, Ltd. is a multinational electronics and electrical\nequipment company headquartered in Nagoya, Japan. Its products include\nprinters, multifunction printers, sewing machines, large machine tools,\nlabel printers, typewriters, fax machines, and other computer-related\nelectronics. Brother distributes its products both under its own name and\nunder OEM agreements with other companies. It produces high-impact color output at impressive\nprint and copy speeds of up to 30ppm and offers flexible connectivity with\nwireless, Ethernet and USB interfaces. It features a 5\" Color Touch Screen\ndisplay for easy navigation and menu selection. Also, this flagship model\noffers automatic duplex print/copy/scan/fax and optional high yield toner\ncartridges to help lower your operating costs \\x96 making this all-in-one a\nsmart choice for a business or workgroup. \n\n=========================================\n\nThe Bug\n\n=========================================\n\nReflected Cross Site Scripting, CWE-79\n\n=========================================\n\nVulnerable Parameters = id , val, kind + Query String\n\nSignature = \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n=========================================\n\nVersion Identification\n\n=========================================\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93L\\x94 Version\n1.10\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93G\\x94\n\n=========================================\n\nPoC\n\n=========================================\n\nPoC URL\n\nhttp://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e\nalert(1)\u003c/script\u003e\n\n=========================================\n\nCVE Information\n\n=========================================\n\nCVE-2013-2507 is specific to Firmware G. \n\nXSS at:\n\n  admin/admin_main.html  name of an arbitrarily assigned URL parameter\n\nCVE-2013-2671 is for the XSS issues that are only present in Firmware L. \n\nCVEs for Firmware L:\n\nCleartext submission of password CVE-2013-2672\n\nPassword field with autocomplete enabled CVE-2013-2673\n\nCross-domain Referer leakage CVE-2013-2674\n\nFrameable response (Clickjacking) CVE-2013-2675\n\nPrivate IP addresses disclosed CVE-2013-2676\n\nCVSS 2 Score = 4.5\n\nTimeline\n\nAttempt contact via e-mail in January 2013. \n\nCall the Toll Free Support Line in March 2013. \n\nCallback from Vendor in April 2013. \n\nE-mail sent to Vendor in April 2013. \n\nVENDOR UNRESPONSIVE\n\nPublished May 3, 2013\n\nHoyt LLC Research                                        Public Domain\nReport\n\nhttp://xss.cx/\n\n=========================================\n\nEND\n\n=========================================\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx\n1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv\nAIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb\n4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8\nnSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG\nVQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==\n=Ua1o\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2670",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "121553",
        "trust": 2.6
      },
      {
        "db": "OSVDB",
        "id": "93068",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "59720",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "84095",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "9970",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "id": "VAR-201403-0045",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      }
    ],
    "trust": 1.3129032399999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:34.238000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.brother.com"
      },
      {
        "title": "MFC-9970CDW",
        "trust": 0.8,
        "url": "http://brother.jp/product/printer/mfc/mfc9970cdw/index.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
      },
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html"
      },
      {
        "trust": 2.5,
        "url": "http://osvdb.org/93068"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/84095"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2670"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2670"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/59720"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyobsuqdyit"
      },
      {
        "trust": 0.1,
        "url": "http://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://xss.cx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2676"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2673"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "date": "2014-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59720"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "date": "2013-05-08T02:27:54",
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "date": "2014-03-14T14:55:04.280000",
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59720"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "date": "2017-08-29T01:33:16.463000",
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW Cross-site scripting vulnerability in printer firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ],
    "trust": 0.7
  }
}

GSD-2013-2670

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-2670

Aliases

CVE-2013-2670

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-2670",
    "description": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.",
    "id": "GSD-2013-2670",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2013-2670"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-2670"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.",
      "id": "GSD-2013-2670",
      "modified": "2023-12-13T01:22:18.189595Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-2670",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html",
            "refsource": "MISC",
            "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
          },
          {
            "name": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html",
            "refsource": "MISC",
            "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
          },
          {
            "name": "93068",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/93068"
          },
          {
            "name": "brothermfc9970cdw-cve20132670-xss(84095)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
          },
          {
            "name": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html",
            "refsource": "MISC",
            "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:l\\(1.10\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:g\\(1.03\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2670"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
            },
            {
              "name": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
            },
            {
              "name": "93068",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/93068"
            },
            {
              "name": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
            },
            {
              "name": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
            },
            {
              "name": "brothermfc9970cdw-cve20132670-xss(84095)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:33Z",
      "publishedDate": "2014-03-14T14:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-2670 (GCVE-0-2013-2670)

FKIE_CVE-2013-2670

GHSA-Q8GX-X8QV-PR28

VAR-201403-0045

GSD-2013-2670

Tags

Sightings

Nomenclature