Brother MFC Administration Reflected Cross-Site Scripting Vulnerabilities - Jan15 Network Vulnerability

Summary

This host is installed with MFC-J4410DW model printer firmware and is prone to cross-site scripting vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to latest firmware version. For updates http://www.brother-usa.com

Insight

Flaw is due to improper validation of 'url' parameter in 'status.html' page before being returned to the user.

Affected

Brother MFC-J4410DW with F/W Versions J and K

Detection

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

References

http://seclists.org/bugtraq/2015/Jan/19

Updated on 2015-03-25

Severity

Classification

CVE CVE-2015-1056
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Apache Struts2 showcase namespace XSS Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability
Apache Archiva Multiple Vulnerabilities

Take action and discover your vulnerabilities