VAR-202201-1352
Vulnerability from variot - Updated: 2024-08-14 13:53Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-1352",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mf4880dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf217w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf113w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf247dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "lbp151dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf232w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf224dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "2206if",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "lbp162",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf237w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4780w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf229dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf242dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf262dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "lbp162dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf244dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf269dw vp",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf245dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4890dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf222dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf265dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf267dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf227dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf212w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf269dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "2204n",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4570dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf264dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "lbp113w",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4570dn",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf4770n",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "lbp162l",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "2204f",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "mf249dw",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20877"
}
]
},
"cve": "CVE-2021-20877",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-20877",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2021-20877",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20877",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1697",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1697"
},
{
"db": "NVD",
"id": "CVE-2021-20877"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20877"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20877",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVN64806328",
"trust": 1.6
},
{
"db": "CS-HELP",
"id": "SB2022011917",
"trust": 0.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-000001",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1697",
"trust": 0.6
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1697"
},
{
"db": "NVD",
"id": "CVE-2021-20877"
}
]
},
"id": "VAR-202201-1352",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2024-08-14T13:53:40.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Canon Repair measures for cross-site scripting vulnerabilities in multiple products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182337"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1697"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20877"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://cweb.canon.jp/e-support/info/211221xss.html"
},
{
"trust": 1.6,
"url": "https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/service-notice-canon-laser-printer-and-small-office-multifunctional-printer-related-to-cross-site-scripting"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn64806328/index.html"
},
{
"trust": 1.6,
"url": "https://jvn.jp/jp/jvn64806328/index.html"
},
{
"trust": 1.6,
"url": "https://www.canon-europe.com/support/product-security-latest-news/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-000001.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011917"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20877"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1697"
},
{
"db": "NVD",
"id": "CVE-2021-20877"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1697"
},
{
"db": "NVD",
"id": "CVE-2021-20877"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1697"
},
{
"date": "2022-02-08T11:15:07.663000",
"db": "NVD",
"id": "CVE-2021-20877"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1697"
},
{
"date": "2022-02-14T21:07:30.460000",
"db": "NVD",
"id": "CVE-2021-20877"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1697"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Canon Multiple product cross-site scripting vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1697"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1697"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…