CVE-2009-2820

macOS < 10.6.2 - Cross-Site Scripting via CUPS Web Interface

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2820. PoCs published by Aaron Sigel.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in CUPS versions prior to 1.4.2, where insufficient input sanitization allows arbitrary script execution in a victim's browser context. The example URI demonstrates the vulnerability but does not include functional exploit code.

Description

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Aaron Sigel · textremotemultiple
https://www.exploit-db.com/exploits/10001

The provided text describes a cross-site scripting (XSS) vulnerability in CUPS versions prior to 1.4.2, where insufficient input sanitization allows arbitrary script execution in a victim's browser context. The example URI demonstrates the vulnerability but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: CUPS prior to 1.4.2
No auth needed
Prerequisites: Victim interaction required to follow a malicious URI
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Various Sources x_refsource_confirm
http://www.cups.org/str.php?L3367
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021115.1-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1595.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:072
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36956
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37308
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=529833
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37360
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:073
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9153
Various Sources x_refsource_confirm
http://www.cups.org/documentation.php/relnotes.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3184
Various Sources x_refsource_confirm
http://www.cups.org/articles.php?L590
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Patch, Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3937

Scores

EPSS 0.0578
EPSS Percentile 92.2%

Details

CWE
CWE-79
Status published
Products (50)
apple/mac_os_x 10.0
apple/mac_os_x 10.0.0
apple/mac_os_x 10.0.1
apple/mac_os_x 10.0.2
apple/mac_os_x 10.0.3
apple/mac_os_x 10.0.4
apple/mac_os_x 10.1
apple/mac_os_x 10.1.0
apple/mac_os_x 10.1.1
apple/mac_os_x 10.1.2
... and 40 more
Published Nov 10, 2009
Tracked Since Feb 18, 2026