CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
82.7%
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before
10.6.2 and other platforms, does not properly handle (1) HTTP headers and
(2) HTML templates, which allows remote attackers to conduct cross-site
scripting (XSS) attacks and HTTP response splitting attacks via vectors
related to (a) the productโs web interface, (b) the configuration of the
print system, and ยฉ the titles of printed jobs, as demonstrated by an XSS
attack that uses the kerberos parameter to the admin program, and leverages
attribute injection and HTTP Parameter Pollution (HPP) issues.