PT-2017-13434 · Dell · Dell 2355Dn+1

Published

2017-12-07

Updated

2017-12-27

CVE-2017-14386

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Dell 2335dn Multifunction Laser Printer versions prior to V2.70.06.26 A13 Dell 2355dn Multifunction Laser Printer versions prior to V2.70.45.34 A10

Description The issue affects the web user interface, allowing attackers to execute arbitrary HTML or JavaScript code in the user's browser session. This could be achieved by exploiting a cross-site scripting vulnerability.

Recommendations For Dell 2335dn Multifunction Laser Printer versions prior to V2.70.06.26 A13, update the firmware to V2.70.06.26 A13 or later. For Dell 2355dn Multifunction Laser Printer versions prior to V2.70.45.34 A10, update the firmware to V2.70.45.34 A10 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-14386

Affected Products

Dell 2335Dn

Dell 2355Dn

PT-2017-13434 · Dell · Dell 2355Dn+1

CVE-2017-14386

Weakness Enumeration

Related Identifiers

Affected Products

References · 4