[3.7] squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)
The cachemgr.cgi web module of Squid through 4.7 has
XSS via the user_name or auth parameter.
References:
https://bugs.squid-cache.org/show\_bug.cgi?id=4957
https://github.com/squid-cache/squid/pull/429
(from redmine: issue id 10669, created on 2019-07-09)
- Relations:
- parent #10664 (closed)
- Changesets:
- Revision 0a4f1520 by Natanael Copa on 2019-07-11T17:08:10Z:
main/squid: fix CVE-2019-13345
fixes #10669
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information