WEB APPLICATION VULNERABILITIES Standard & Premium

Squid Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-18860)

Description

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

Remediation

References

Related Vulnerabilities

WordPress Plugin MediaElement.js-HTML5 Video & Audio Player Cross-Site Scripting (4.2.8)

WordPress Plugin GiveWP-Donation and Fundraising Platform Security Bypass (2.5.4)

WordPress Plugin WP Accessibility Cross-Site Scripting (1.6.10)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1590)

WordPress Plugin Floating Chat Widget:Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button-Chaty Multiple Cross-Site Scripting Vulnerabilities (2.8.3)

Severity

Medium

Classification

CVE-2019-18860 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities