Huy Kha

**Name of the Vulnerable Software and Affected Versions** Canon PrintMe EFI (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists in the Canon PrintMe EFI web interface, allowing remote attackers to inject arbitrary web script or HTML via the PATH INFO to the "/wt3/mydocs.php" API endpoint. The `PATH INFO` variable is used to specify the path information for the request, and in this case, it is vulnerable to injection of malicious scripts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Brother HL series printers (affected versions not specified) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `url` parameter to "etc/loginerror.html". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.