CVE-2014-2856

Apple Cups < 1.7.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

References (10)

Scores

EPSS 0.0103
EPSS Percentile 77.2%

Details

CWE
CWE-79
Status published
Products (50)
apple/cups < 1.7.1
apple/cups
apple/cups
apple/cups
apple/cups
apple/cups
apple/cups
apple/cups
apple/cups
apple/cups
... and 40 more
Published Apr 18, 2014
Tracked Since Feb 18, 2026