Unrated severityNVD Advisory· Published Jun 26, 2015· Updated Jun 17, 2026
CVE-2015-1159
CVE-2015-1159
Description
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:cups:cups:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cups:cups:*:*:*:*:*:*:*:*range: <=2.0.2
- (no CPE)range: <2.0.3
- osv-coords6 versionspkg:rpm/opensuse/cups&distro=openSUSE%20Tumbleweedpkg:rpm/suse/cups154&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 2.1.3-2.3+ 5 more
- (no CPE)range: < 2.1.3-2.3
- (no CPE)range: < 1.5.4-9.1
- (no CPE)range: < 1.7.5-9.1
- (no CPE)range: < 1.7.5-9.1
- (no CPE)range: < 1.7.5-9.1
- (no CPE)range: < 1.7.5-9.1
Patches
Vulnerability mechanics
References
17- code.google.com/p/google-security-research/issues/detailnvdExploit
- kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
- www.cups.org/blog.phpnvdVendor Advisory
- www.kb.cert.org/vuls/id/810572nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/75106nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201510-07nvdThird Party AdvisoryVDB Entry
- www.cups.org/str.phpnvdVendor Advisory
- googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.htmlnvdTechnical Description
- bugzilla.opensuse.org/show_bug.cginvdIssue Tracking
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1123.htmlnvd
- www.debian.org/security/2015/dsa-3283nvd
- www.securitytracker.com/id/1032556nvd
- www.ubuntu.com/usn/USN-2629-1nvd
News mentions
0No linked articles in our index yet.