CUPS vulnerability

ID USN-2172-1
Type ubuntu
Reporter Ubuntu
Modified 2014-04-24T00:00:00


Alex Korobkin discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.