CVE-2019-13345: Cross-site Scripting in Squid

CWE-79: Cross-site Scripting
12 documents, 9 sources

Severity: 6.1 MEDIUM (NVD); OSV: 5.9
EPSS: 48.5% (top 2.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 5; Latest update Jan 16

Description

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

Debian squid/squid < 4.8-1+3

Also affects: Debian Linux 8.0

Patches

🔴 Vulnerability Details (4)

GHSA - GHSA-3cp8-63m9-w97j: The cachemgr (2022-05-24)
OSV - squid, squid3 vulnerabilities (2019-07-15)
OSV - CVE-2019-13345: The cachemgr (2019-07-05)
CVEList - CVE-2019-13345: The cachemgr (2019-07-05)

🔍 Detection Rules (1)

Suricata - ET WEB_SPECIFIC_APPS Squid Proxy user_name and auth Reflected Cross-Site Scripting (CVE-2019-13345) (2025-01-16)

📋 Vendor Advisories (4)

Ubuntu - Squid vulnerabilities (2019-07-17)
Ubuntu - Squid vulnerabilities (2019-07-15)
Red Hat - squid: XSS via user_name or auth parameter in cachemgr.cgi (2019-07-05)
Debian - CVE-2019-13345: squid - The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or au... (2019)

💬 Community (2)

Bugzilla - CVE-2019-13345 squid: XSS via user_name or auth parameter in cachemgr.cgi [fedora-all] (2019-07-08)
Bugzilla - CVE-2019-13345 squid: XSS via user_name or auth parameter in cachemgr.cgi (2019-07-08)