[3.11] squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)
The cachemgr.cgi web module of Squid through 4.7 has
XSS via the user_name or auth parameter.
References:
https://bugs.squid-cache.org/show\_bug.cgi?id=4957
https://github.com/squid-cache/squid/pull/429
(from redmine: issue id 10665, created on 2019-07-09)
- Relations:
- parent #10664 (closed)
- Changesets:
- Revision 1bd365a6 by Natanael Copa on 2019-07-11T16:35:18Z:
main/squid: upgrade to 4.8
fixes #10665
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information