PT-2015-1420 · Apple+5 · Cups+5
Publicado
2015-06-09
·
Atualizado
2024-06-15
·
CVE-2015-1159
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
CUPS versions prior to 2.0.3
Description
The issue is related to a cross-site scripting (XSS) vulnerability in the template engine of the CUPS printing server. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the
QUERY parameter to various web pages, including help, classes, printers, and jobs. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.Recommendations
For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable
QUERY parameter in the affected API endpoints until a patch is available. Avoid using the QUERY parameter in the affected web pages until the issue is resolved.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Cups
Centos
Red Hat
Suse
Ubuntu