Vulnerability Description
Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brother | Hl-L2340D Firmware | < 1.16 |
| Brother | Hl-L2340D | - |
| Brother | Hl-L2380Dw Firmware | < 1.16 |
| Brother | Hl-L2380Dw | - |
Related Weaknesses (CWE)
References
- https://support.brother.com/g/b/faqend.aspx?c=us_ot&lang=en&prod=group2&ftype3=1
- https://www.exploit-db.com/exploits/44839/
- https://support.brother.com/g/b/faqend.aspx?c=us_ot&lang=en&prod=group2&ftype3=1
- https://www.exploit-db.com/exploits/44839/
FAQ
What is CVE-2018-11581?
CVE-2018-11581 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.
How severe is CVE-2018-11581?
CVE-2018-11581 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11581?
Check the references section above for vendor advisories and patch information. Affected products include: Brother Hl-L2340D Firmware, Brother Hl-L2340D, Brother Hl-L2380Dw Firmware, Brother Hl-L2380Dw.