CVE-2018-12111

Name of the Vulnerable Software and Affected Versions Canon PrintMe EFI (affected versions not specified)

Description A cross-site scripting (XSS) issue exists in the Canon PrintMe EFI web interface, allowing remote attackers to inject arbitrary web script or HTML via the PATH INFO to the "/wt3/mydocs.php" API endpoint. The PATH INFO variable is used to specify the path information for the request, and in this case, it is vulnerable to injection of malicious scripts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.