This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote print service is affected by a cross-site scripting
According to its banner, the version of CUPS installed on the remote
host is prior to version 1.7.2. It is, therefore, affected by a
cross-site scripting vulnerability.
A flaw exists with the is_path_absolute function within the
scheduler/client.cscript. This could allow a context-dependent
attacker, with a specially crafted request, to execute arbitrary
script code within the browser and server trust relationship.
Note that Nessus has not tested for this issue, but has instead relied
only on the application's self-reported version number.
See also :
Upgrade to CUPS version 1.7.2 or later, or apply the vendor patch.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true