Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.
References
Link | Resource |
---|---|
https://cweb.canon.jp/e-support/info/211221xss.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN64806328/index.html | Third Party Advisory |
https://jvn.jp/jp/JVN64806328/index.html | Third Party Advisory |
https://www.canon-europe.com/support/product-security-latest-news/ | Vendor Advisory |
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/Service-Notice-Canon-Laser-Printer-and-Small-Office-Multifunctional-Printer-related-to-cross-site-scripting | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Feb 2022, 21:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:canon:2206if:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf247dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf4890dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf232w:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf224dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf262dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:lbp162:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf237w:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf264dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf265dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf4770n:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf249dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:2204n:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf4780w:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf4570dn:-:*:*:*:*:*:*:* cpe:2.3:h:canon:2204f:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf4570dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf229dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf222dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:lbp113w:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf267dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:lbp151dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf113w:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf4880dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf217w:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf212w:-:*:*:*:*:*:*:* cpe:2.3:h:canon:lbp162dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf269dw_vp:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf244dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:lbp162l:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf227dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf269dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf245dw:-:*:*:*:*:*:*:* cpe:2.3:h:canon:mf242dw:-:*:*:*:*:*:*:* |
|
References | (MISC) https://cweb.canon.jp/e-support/info/211221xss.html - Vendor Advisory | |
References | (MISC) https://jvn.jp/jp/JVN64806328/index.html - Third Party Advisory | |
References | (MISC) https://jvn.jp/en/jp/JVN64806328/index.html - Third Party Advisory | |
References | (MISC) https://www.canon-europe.com/support/product-security-latest-news/ - Vendor Advisory | |
References | (MISC) https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/Service-Notice-Canon-Laser-Printer-and-Small-Office-Multifunctional-Printer-related-to-cross-site-scripting - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
CWE | CWE-79 | |
First Time |
Canon lbp151dw
Canon mf4880dw Canon lbp162 Canon mf4780w Canon mf212w Canon mf4890dw Canon lbp162dw Canon mf269dw Canon mf265dw Canon mf227dw Canon mf245dw Canon mf4570dw Canon 2204n Canon 2206if Canon mf244dw Canon mf229dw Canon mf113w Canon mf232w Canon mf237w Canon Canon 2204f Canon mf247dw Canon mf4570dn Canon mf267dw Canon mf4770n Canon lbp162l Canon mf224dw Canon mf269dw Vp Canon mf242dw Canon mf262dw Canon mf217w Canon mf264dw Canon lbp113w Canon mf222dw Canon mf249dw |
08 Feb 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-08 11:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-20877
Mitre link : CVE-2021-20877
CVE.ORG link : CVE-2021-20877
JSON object : View
Products Affected
canon
- mf262dw
- mf264dw
- mf249dw
- mf4570dn
- mf4880dw
- lbp162l
- mf232w
- mf224dw
- mf269dw_vp
- mf269dw
- mf4780w
- 2204f
- mf4890dw
- 2206if
- mf244dw
- mf222dw
- mf242dw
- mf267dw
- lbp113w
- mf247dw
- mf227dw
- lbp162
- mf229dw
- mf4570dw
- mf237w
- mf4770n
- mf212w
- mf245dw
- mf265dw
- lbp151dw
- 2204n
- mf113w
- lbp162dw
- mf217w
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')