CVE-2018-11581

MEDIUM

Brother HL-L2340D and HL-L2380DW Firmware < 1.16 - Cross-Site Scripting via URL Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-11581. PoCs published by Huy Kha.

AI-analyzed exploit summary: This exploit demonstrates a reflected XSS vulnerability in Brother HL series printers via the 'url' parameter in 'loginerror.html'. The payload is injected into the URL and executed when the victim accesses the crafted link.

Description

Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.

Exploits (1)

exploitdb WORKING POC
by Huy Kha · webapps · hardware
https://www.exploit-db.com/exploits/44839

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Brother HL series printers (firmware versions prior to 1.16)
Auth required
Prerequisites: Access to the printer's web interface · Valid credentials to log in
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44839/

Scores

CVSS v3: 4.8
EPSS: 0.0161
EPSS Percentile: 73.0%
Attack Vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (2):
brother/hl-l2340d_firmware < 1.16
brother/hl-l2380dw_firmware < 1.16
Published: Jun 01, 2018
Tracked Since: Feb 18, 2026