CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability Network Vulnerability

Summary

CUPS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Note: This vulnerability was originally reported in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been given its own record to better document it. This issue affects CUPS versions prior to 1.4.2.

Solution

Updates are available. Please see the references for more information.

References

http://www.cups.org
http://www.cups.org/articles.php?L590
http://www.cups.org/str.php?L3367
http://www.securityfocus.com/bid/36958

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2820

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

An Image Gallery Multiple Cross-Site Scripting Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities