CVE-2017-14386

Published: Dec 7, 2017Modified: May 13, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website.

Affected (2)

Products: Dell: 2355dn Firmware, 2335dn Firmware

2 products

2355dn Firmware

2335dn Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell 2355dn Firmware	Before 2.70.45.34_a10

Running on/with	Platform Versions
Dell 2355dn	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell 2335dn Firmware	Before 2.70.06.26_a13

Running on/with	Platform Versions
Dell 2335dn	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=782W3

Source: security_alert@emc.com

PatchVendor Advisory

http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=CG55V

Source: security_alert@emc.com

PatchVendor Advisory

http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=782W3

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=CG55V

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.