Cups
CVE-2015-1159
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
AnalysisAI
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 58.8%.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. Affected products include: Cups. Version information: before 2.0.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-va
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Rat
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are sus
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severi
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severi
OpenPrinting CUPS is an open source printing system. Rated medium severity (CVSS 5.5), this vulnerability is no authenti
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Rated medium severi
The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. Rated high severity (CVSS 8.8
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers t
A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.7), this vulnerability is low
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote atta
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today