Ubuntu Security Notice 2172-1 - Alex Korobkin discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.
491356bd0784085e834b1ec5a4760e5bcb05c8453ae4e2c654c921d91138d2e1