CVE-2019-11454

Name of the Vulnerable Software and Affected Versions Monit versions prior to 5.25.3

Description The issue is related to a persistent cross-site scripting (XSS) flaw. This allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication. The vulnerability is exploited during a viewlog operation, which is mishandled.

Recommendations For Monit versions prior to 5.25.3, update to version 5.25.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the viewlog operation to minimize the risk of exploitation. Avoid using unsanitized user input in the Authorization header for HTTP Basic Authentication until the issue is resolved.