This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote printer service is affected by a cross-site scripting
According to its banner, the version of CUPS installed on the remote
host is earlier than 1.4.2. The 'kerberos' parameter in such versions
is not properly sanitized before being used to generate dynamic HTML
An attacker can leverage this issue via a combination of attribute
injection and HTTP Parameter Pollution to inject arbitrary script code
into a user's browser to be executed within the security context of
the affected site.
See also :
Upgrade to CUPS version 1.4.2 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true