vendor:
CUPS
by:
SecurityFocus
8.8
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: CUPS
Affected Version From: Prior to CUPS 1.4.2
Affected Version To: Prior to CUPS 1.4.2
Patch Exists: YES
Related CWE: N/A
CPE: a:apple:cups
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Mac OS X
2009
CUPS Cross-Site Scripting Vulnerability
Attackers can exploit this issue by enticing an unsuspecting victim into following a malicious URI. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Mitigation:
Users should avoid following untrusted links and should never enter sensitive information into a web page unless it is known to be secure.