Fluid Attacks Database

Description

Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	cups	>=0 <1.7.5-12	1.7.5-12
debian 13	cups	>=0 <1.7.5-12	1.7.5-12
debian 11	cups	>=0 <1.7.5-12	1.7.5-12
debian 12	cups	>=0 <1.7.5-12	1.7.5-12
rpm rhel7	cups	<1:1.6.3-17.el7_1.1	1:1.6.3-17.el7_1.1
rpm rhel6	cups	<1:1.4.2-67.el6_6.1	1:1.4.2-67.el6_6.1
rpm rhel5	cups	-	-

Aliases

1. CVE-2015-11592. NVD-2015-11593. OSV-DEBIAN-2015-11594. OSV-2015-11595. SECURITY-TRACKER-CVE-2015-1159

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.