Brother MFC Administration Reflected Cross-Site Scripting Vulnerabilities - Jan15

Summary
This host is installed with Brother MFC-J4410DW printer firmware and is prone to reflected cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application
Solution
Upgrade to the latest firmware version. For updates, see http://www.brother-usa.com
Insight
The flaw is due to improper validation of the 'url' parameter of the 'status.html' page before it is returned to the user.
Affected
Brother MFC-J4410DW with F/W Versions J and K
Detection
Send crafted data via an HTTP GET request and check whether the reflected script is able to read the cookie.
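As an added example (not part of this advisory or of Brother's firmware), a defender-side check in Python that flags web-server access-log requests to status.html whose 'url' parameter carries HTML markup, alongside the output-encoding fix that the Insight above implies. The log lines, the request path and the log format are constructed assumptions.

```python
"""Flag access-log entries that look like reflected-XSS probes against the
status.html 'url' parameter, and show the encoding fix (added example)."""
import re
from html import escape
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line of a common-log-format entry: method, target, protocol.
_REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters/tokens that must never be reflected into HTML unencoded.
_MARKUP = re.compile(r'[<>"\']|javascript:|on\w+=', re.IGNORECASE)

def suspicious_url_param(log_line: str) -> bool:
    """True when the request hits status.html with a 'url' value containing markup."""
    m = _REQ.search(log_line)
    if not m:
        return False
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("status.html"):
        return False
    for value in parse_qs(parts.query).get("url", []):
        # parse_qs decoded once already; decode again so that
        # double-encoded values do not slip past the check.
        if _MARKUP.search(unquote_plus(unquote_plus(value))):
            return True
    return False

def safe_reflect(url_value: str) -> str:
    """Server-side fix: HTML-encode the parameter before echoing it into the page."""
    return escape(url_value, quote=True)

# Constructed sample log lines (not real traffic); path /status.html is assumed.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/2015:10:01:02 +0000] "GET /status.html?url=/home HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/Jan/2015:10:01:09 +0000] "GET /status.html?url=%3Cscript%3E1%3C/script%3E HTTP/1.1" 200 734',
    '192.0.2.12 - - [15/Jan/2015:10:02:00 +0000] "GET /status.html?url=%253Cb%253Ex%253C/b%253E HTTP/1.1" 200 740',
    '192.0.2.13 - - [15/Jan/2015:10:03:00 +0000] "GET /index.html?url=%3Cb%3E HTTP/1.1" 200 100',
]

def flagged_lines(lines=SAMPLE_LOG):
    """Return the log lines that match the status.html reflected-XSS pattern."""
    return [line for line in lines if suspicious_url_param(line)]

if __name__ == "__main__":
    for line in flagged_lines():
        print("possible reflected-XSS probe:", line)
    print("safely reflected:", safe_reflect("<script>1</script>"))
```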
References