[3.9] squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)
The cachemgr.cgi web module of Squid through 4.7 has
XSS via the user_name or auth parameter.
References:
https://bugs.squid-cache.org/show\_bug.cgi?id=4957
https://github.com/squid-cache/squid/pull/429
(from redmine: issue id 10667, created on 2019-07-09)
- Relations:
- parent #10664 (closed)
- Changesets:
- Revision 48e59c02 by Natanael Copa on 2019-07-11T16:42:03Z:
main/squid: upgrade to 4.8 (CVE-2019-13345)
fixes #10667
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information