- Home
- CVEs with nessus.description==According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.2. The 'kerberos' parameter in such versions is not properly sanitized before being used to generate dynamic HTML content.
An attacker can leverage this issue via a combination of attribute injection and HTTP Parameter Pollution to inject arbitrary script code into a user's browser to be executed within the security context of the affected site.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top