Ubuntu Security Notice 856-1: CUPS vulnerability

Article Source Ubuntu Security Notices
November 10, 2009, 7:55 am

Aaron Sigel discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data…

Read More