CVE-2015-1159
EPSS 64.8%
Description
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
How to fix CVE-2015-1159
To remediate CVE-2015-1159, upgrade the affected package to a fixed version below.
- Debian/cups—upgrade to 1.7.5-12 or later
Is CVE-2015-1159 being exploited?
Likely — EPSS is 64.8%, placing CVE-2015-1159 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- from 0, < 1.7.5-12