PT-2009-2717 · Squid+1 · Squid+1

Published

2009-12-30

Updated

2010-01-04

CVE-2008-7250

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Sarg version 2.2.4

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header. This occurs because the Squid proxy log does not properly handle the User-Agent header when displaying it.

Recommendations For Sarg version 2.2.4, update to a version that properly handles the User-Agent header to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2008-7250

Affected Products

Sarg

Squid

PT-2009-2717 · Squid+1 · Squid+1

CVE-2008-7250

Weakness Enumeration

Related Identifiers

Affected Products

References · 7