Unrated severityNVD Advisory· Published Jun 26, 2015· Updated May 6, 2026

CVE-2015-1159

Description

Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

Affected products

Cups/Cups
cpe:2.3:a:cups:cups:*:*:*:*:*:*:*:*
Range: <=2.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

code.google.com/p/google-security-research/issues/detailnvdExploit
kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
www.cups.org/blog.phpnvdVendor Advisory
www.kb.cert.org/vuls/id/810572nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/75106nvdThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201510-07nvdThird Party AdvisoryVDB Entry
www.cups.org/str.phpnvdVendor Advisory
googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.htmlnvdTechnical Description
bugzilla.opensuse.org/show_bug.cginvdIssue Tracking
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.htmlnvd
lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.htmlnvd
rhn.redhat.com/errata/RHSA-2015-1123.htmlnvd
www.debian.org/security/2015/dsa-3283nvd
www.securitytracker.com/id/1032556nvd
www.ubuntu.com/usn/USN-2629-1nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.047
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000