Your submission was sent successfully! Close

CVE-2019-13345

Published: 5 July 2019

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Ignored
(reached end-of-life)
disco
Released (4.4-1ubuntu2.1)
precise Does not exist

trusty Does not exist

upstream
Released (4.8)
xenial Does not exist

Patches:
upstream: https://github.com/squid-cache/squid/commit/be1dc8614e7514103ba84d4067ed6fd15ab8f82e (4.x)

squid3
Launchpad, Ubuntu, Debian
bionic
Released (3.5.27-1ubuntu1.2)
cosmic Does not exist

disco Does not exist

precise
Released (3.1.19-1ubuntu3.12.04.9)
trusty Does not exist

upstream Needs triage

xenial
Released (3.5.12-1ubuntu7.7)
Patches:

upstream: https://github.com/squid-cache/squid/commit/5730c2b5cb56e7639dc423dd62651c8736a54e35 (3.5)