REDHAT-BUG-529833: XSS
First published: Tue Oct 20 2009(Updated: )
Several cross-site scripting (XSS) flaws were found in the way CUPS web server interface used to process HTML form(s) content. A remote attacker could provide a specially-crafted HTML page(s), which once visited, by a local, unsuspecting user could lead to intended client-side security mechanisms bypass or, potentially, to injecting of malicious scripts into web pages, processed by CUPS web interface. Acknowledgements: Red Hat would like to thank Aaron Sigel of Apple Product Security for responsibly reporting this issue.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CUPS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=365324&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=365324&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=365326&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=365326&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=366865&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=366865&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=529833#c10
- http://www.cups.org/articles.php?L590
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- https://rhn.redhat.com/errata/RHSA-2009-1595.html
- https://bugzilla.redhat.com/show_bug.cgi?id=529833
Frequently Asked Questions
What is the severity of REDHAT-BUG-529833?
The severity of REDHAT-BUG-529833 is considered high due to the potential for cross-site scripting attacks.
How do I fix REDHAT-BUG-529833?
To fix REDHAT-BUG-529833, ensure you are using the latest version of Apple CUPS with all relevant patches applied.
What type of vulnerability is REDHAT-BUG-529833?
REDHAT-BUG-529833 is classified as a cross-site scripting (XSS) vulnerability.
Who is affected by REDHAT-BUG-529833?
Users of Apple CUPS are affected by the vulnerability identified as REDHAT-BUG-529833.
Can REDHAT-BUG-529833 be exploited remotely?
Yes, REDHAT-BUG-529833 can be exploited remotely by tricking a user into visiting a malicious HTML page.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2820
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/cups