Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1159: Cross-site Scripting in CUPS

CWE-79: Cross-site Scripting | 13 documents | 10 sources

Severity: 4.3 MEDIUM (NVD) | 10.0 (OSV)
EPSS: 58.8% (top 1.77%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jun 26 | Latest update May 17

Description

Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (5 packages)

debian | debian/cups | < cups 1.7.5-12 (bookworm)
Debian | apple/cups | < 1.7.5-12+3
Ubuntu | apple/cups | < 1.7.2-0ubuntu1.6
NVD | cups/cups | 2.0.2

🔴 Vulnerability Details (4)

GHSA | GHSA-pmc2-2vx8-fmwf: Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template | 2022-05-17
OSV | CVE-2015-1159: Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template | 2015-06-26
OSV | cups vulnerabilities | 2015-06-10
Project0 | Owning Internet Printing - A Case Study in Modern Software Exploitation - Project Zero | 2015-06-01

💥 Exploits & PoCs (1)

Exploit-DB | CUPS < 2.0.3 - Multiple Vulnerabilities | 2015-06-22

📋 Vendor Advisories (4)

Red Hat | cups: cross-site scripting flaw in CUPS web UI (VU#810572) | 2015-06-10
Ubuntu | CUPS vulnerabilities | 2015-06-10
Debian | CVE-2015-1159: cups - Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/tem... | 2015
Apple | CVE-2015-1159: OS X Yosemite v10.10.3 and Security Update 2015-004

💬 Community (3)

Bugzilla | CVE-2015-1158 CVE-2015-1159 cups: various flaws [fedora-all] | 2015-06-10
Bugzilla | CVE-2015-1159 cups: cross-site scripting flaw in CUPS web UI (VU#810572) | 2015-05-14
Bugzilla | CVE-2015-1158 cups: incorrect string reference counting (VU#810572) | 2015-05-14