CVE-2014-2856

Currently unrated

Key Information:

Vendor: Apple
Status: Cups
Vendor: CVE Published:; 18 April 2014

Summary

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

References

http://secunia.com/advisories/57880

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/66788

vdb-entryx_refsource_BID

http://www.ubuntu.com/usn/USN-2172-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Apr 18, 2014
Vulnerability Reserved
Apr 15, 2014