CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

Published: Apr 18, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2856
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
apple / cups	1.1.20	1.1.20.x
apple / cups	1.4-b1	1.4-b1.x
apple / cups	1.6.2	1.6.2.x
apple / cups	1.1.5-2	1.1.5-2.x
apple / cups	1.5.3	1.5.3.x
apple / cups	1.3.9	1.3.9.x
apple / cups	1.1.14	1.1.14.x
apple / cups	1.5.0	1.5.0.x
apple / cups	1.3-rc2	1.3-rc2.x
apple / cups	1.1.6-1	1.1.6-1.x
apple / cups	1.1.18	1.1.18.x
apple / cups	1.7.0	1.7.0.x
apple / cups	1.1.12	1.1.12.x
apple / cups	1.3.11	1.3.11.x
apple / cups	1.7.1-b1	1.7.1-b1.x
apple / cups	1.5.2	1.5.2.x
apple / cups	1.1.5-1	1.1.5-1.x
apple / cups	1.3.3	1.3.3.x
apple / cups	1.1.22	1.1.22.x
apple / cups	1.2.0	1.2.0.x
apple / cups	1.5-b2	1.5-b2.x
apple / cups	1.1.16	1.1.16.x
apple / cups	1.4.1	1.4.1.x
apple / cups	1.3.1	1.3.1.x
apple / cups	1.1.23-rc1	1.1.23-rc1.x
apple / cups	1.1.20-rc1	1.1.20-rc1.x
apple / cups	1.1.15	1.1.15.x
apple / cups	1.6.4	1.6.4.x
apple / cups	1.1.17	1.1.17.x
apple / cups	1.4-rc1	1.4-rc1.x
apple / cups	1.1.20-rc6	1.1.20-rc6.x
apple / cups	1.6.3	1.6.3.x
apple / cups	1.2.4	1.2.4.x
apple / cups	1.1.19-rc1	1.1.19-rc1.x
apple / cups	1.7-rc1	1.7-rc1.x
apple / cups	1.3.2	1.3.2.x
apple / cups	1.4.8	1.4.8.x
apple / cups	1.1.22-rc1	1.1.22-rc1.x
apple / cups	1.1.7	1.1.7.x
apple / cups	1.2-rc2	1.2-rc2.x
apple / cups	1.1.6-2	1.1.6-2.x
apple / cups	1.3-b1	1.3-b1.x
apple / cups	1.1.3	1.1.3.x
apple / cups	1.2.3	1.2.3.x
apple / cups	1.1.21	1.1.21.x
apple / cups	1.4.0	1.4.0.x
apple / cups	1.2.9	1.2.9.x
apple / cups	1.2.10	1.2.10.x
apple / cups	1.4.4	1.4.4.x
apple / cups	1.1.4	1.1.4.x
apple / cups	1.1.23	1.1.23.x
apple / cups	1.4.6	1.4.6.x
apple / cups	1.2.6	1.2.6.x
apple / cups	1.6-b1	1.6-b1.x
apple / cups	1.2-b1	1.2-b1.x
apple / cups	1.3.8	1.3.8.x
apple / cups	1.1.20-rc4	1.1.20-rc4.x
apple / cups	1.1.19	1.1.19.x
apple / cups	1.1	1.1.x
apple / cups	1.3.4	1.3.4.x
apple / cups	1.1.8	1.1.8.x
apple / cups	1.1.5	1.1.5.x
apple / cups	1.2.1	1.2.1.x
apple / cups	1.2-rc3	1.2-rc3.x
apple / cups	1.1.2	1.1.2.x
apple / cups	1.4.7	1.4.7.x
apple / cups	1.3.10	1.3.10.x
apple / cups	1.1.13	1.1.13.x
apple / cups	1.1.19-rc4	1.1.19-rc4.x
apple / cups	1.1.9-1	1.1.9-1.x
apple / cups	1.2.12	1.2.12.x
apple / cups	1.1.21-rc2	1.1.21-rc2.x
apple / cups	1.2-b2	1.2-b2.x
apple / cups	1.2.7	1.2.7.x
apple / cups	1.1.6-3	1.1.6-3.x
apple / cups	1.1.20-rc5	1.1.20-rc5.x
apple / cups	1.6.1	1.6.1.x
apple / cups	1.1.9	1.1.9.x
apple / cups	1.3.7	1.3.7.x
apple / cups	1.1.19-rc5	1.1.19-rc5.x
apple / cups	1.2-rc1	1.2-rc1.x
apple / cups	1.6-rc1	1.6-rc1.x
apple / cups	1.4.3	1.4.3.x
apple / cups	1.1.1	1.1.1.x
apple / cups	1.2.8	1.2.8.x
apple / cups	-	1.7.1.x
apple / cups	1.2.2	1.2.2.x
apple / cups	1.4.2	1.4.2.x
apple / cups	1.1.10	1.1.10.x
apple / cups	1.2.11	1.2.11.x
apple / cups	1.1.22-rc2	1.1.22-rc2.x
apple / cups	1.1.21-rc1	1.1.21-rc1.x
apple / cups	1.3-rc1	1.3-rc1.x
apple / cups	1.5.1	1.5.1.x
apple / cups	1.1.11	1.1.11.x
apple / cups	1.1.19-rc3	1.1.19-rc3.x
apple / cups	1.1.6	1.1.6.x
apple / cups	1.1.10-1	1.1.10-1.x
apple / cups	1.5.4	1.5.4.x
apple / cups	1.5-rc1	1.5-rc1.x
apple / cups	1.3.0	1.3.0.x
apple / cups	1.4-b3	1.4-b3.x
apple / cups	1.4.5	1.4.5.x
apple / cups	1.5-b1	1.5-b1.x
apple / cups	1.4-b2	1.4-b2.x
apple / cups	1.3.5	1.3.5.x
apple / cups	1.3.6	1.3.6.x
apple / cups	1.1.20-rc2	1.1.20-rc2.x
apple / cups	1.1.20-rc3	1.1.20-rc3.x
apple / cups	1.2.5	1.2.5.x
apple / cups	1.1.19-rc2	1.1.19-rc2.x

Vulnerability Database

289,599

CVE-2014-2856