squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)
The cachemgr.cgi web module of Squid through 4.7 has
XSS via the user_name or auth parameter.
References:
https://bugs.squid-cache.org/show\_bug.cgi?id=4957
https://github.com/squid-cache/squid/pull/429
(from redmine: issue id 10664, created on 2019-07-09)
- Relations:
- child #10665 (closed)
- child #10666 (closed)
- child #10667 (closed)
- child #10668 (closed)
- child #10669 (closed)