Ubuntu Security Notice 856-1 – Aaron Sigel discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82661/USN-856-1.txt
Source: https://packetstormsecurity.com/files/82661/Ubuntu-Security-Notice-856-1.html