CVE-2015-1159

Published: Jun 26, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

DSA-3283

vendor-advisory

x_refsource_DEBIAN

RHSA-2015:1123

vendor-advisory

x_refsource_REDHAT

https://bugzilla.opensuse.org/show_bug.cgi?id=924208

x_refsource_CONFIRM

USN-2629-1

vendor-advisory

x_refsource_UBUNTU

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10702

x_refsource_CONFIRM

1032556

vdb-entry

x_refsource_SECTRACK

SUSE-SU-2015:1044

vendor-advisory

x_refsource_SUSE

http://www.cups.org/blog.php?L1082

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1221642

x_refsource_CONFIRM

VU#810572

third-party-advisory

x_refsource_CERT-VN

https://www.cups.org/str.php?L4609

x_refsource_CONFIRM

75106

vdb-entry

x_refsource_BID

GLSA-201510-07

vendor-advisory

x_refsource_GENTOO

https://code.google.com/p/google-security-research/issues/detail?id=455

x_refsource_MISC

SUSE-SU-2015:1041

vendor-advisory

x_refsource_SUSE

http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html

x_refsource_MISC

openSUSE-SU-2015:1056

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-1159

Description

Affected Products

References