CVE-2018-19131: Cross-site Scripting in Squid

Severity: 6.1 MEDIUM (NVD)
EPSS: 10.8% (top 6.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 9
Latest update: May 14

Description

Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

Debian: squid/squid < 4.4-1+3

Vulnerability Details (3)

GHSA: GHSA-jr78-3r97-gpxf: Squid before 4 (2022-05-14)
CVEList: CVE-2018-19131: Squid before 4 (2018-11-09)
OSV: CVE-2018-19131: Squid before 4 (2018-11-09)

Vendor Advisories (2)

Red Hat: squid: Cross-Site Scripting when generating HTTPS response messages about TLS errors (2018-10-31)
Debian: CVE-2018-19131: squid - Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error pa... (2018)

Community (2)

Bugzilla: CVE-2018-19131 squid: Cross-Site Scripting when generating HTTPS response messages about TLS errors (2018-11-01)
Bugzilla: CVE-2018-19131 squid: Cross-Site Scripting when generating HTTPS response messages about TLS errors [fedora-all] (2018-11-01)