oss-sec mailing list archives
CVE Request: 2015 squidguard reflected XSS
From: Marcus Meissner <meissner () suse de>
Date: Mon, 20 Jun 2016 15:40:53 +0200
Hi, Please assign a CVE for: http://www.squidguard.org/Downloads/CHANGELOG 2015-02-01 Fixed a cross site vulnerability in squidGuard.cgi http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201 I have attached the diff against 1.4, the relevant part seem to be the two lines replacing tags in $url. Unsure why they added another \n to the headers, as there are already two \n. Ciao, Marcus
Attachment:
squidguard-20150201.patch
Description:
Current thread:
- CVE Request: 2015 squidguard reflected XSS Marcus Meissner (Jun 20)
- RE: CVE Request: 2015 squidguard reflected XSS CVE ID Requests (Jun 20)
- Re: CVE Request: 2015 squidguard reflected XSS cve-assign (Jun 21)