CUPS Templating Engine Cross-site Scripting Vulnerability (CVE-2015-1159)

A cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web. In certain cases, the CGI template can echo user input to file rather than escaping the text first. This may be used to set up a reflected XSS attack in the QUERY parameter of the web interface help page. By default, many Linux distributions run with the web interface activated.