CVE-2021-44543 — Cross-site Scripting in Privoxy

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

6.1MEDIUMNVD

OSV7.5

EPSS

0.3%

top 42.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Privoxy Debian Privoxy

Timeline

PublishedDec 23

Latest updateJan 25

Description

An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶debiandebian/privoxy< privoxy 3.0.33-1 (bookworm)

▶NVDprivoxy/privoxy< 3.0.33

▶Debianprivoxy/privoxy< 3.0.32-2+deb11u1+3

▶Ubuntuprivoxy/privoxy< 3.0.26-5ubuntu0.3+1

▶CVEListV5privoxy/privoxyPrivoxy 3.0.33

🔴Vulnerability Details

OSV

privoxy vulnerabilities↗2023-01-25

▶

GHSA

GHSA-hf3j-m5fx-q82c: An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce↗2021-12-24

▶

OSV

CVE-2021-44543: An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce↗2021-12-23

▶

📋Vendor Advisories

Ubuntu

Privoxy vulnerabilities↗2023-01-25

▶

Debian

CVE-2021-44543: privoxy - An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_templa...↗2021

▶