Prophaze WAF Blog

Squid under the threat of Multiple Cross Site Scripting Vulnerabilities - Cloud WAF

Written by Rajaneesh | Jul 23, 2019 8:09:44 AM

Squid was found to be prone to multiple Cross Site Scripting Vulnerabilities. It was failing to sanitise user supplied input.
An attacker can make use of this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, they do the same in the context of the affected site. This can also allow the attacker to steal cookie based authentication credentials and also launch other similar attacks

CVE-2019-13345

Affected versions :
Squid Squid 4.0.17
Squid Squid 4.0.16
Squid Squid 4.0.8
Squid Squid 4.0.6
Squid Squid 4.0.5
Squid Squid 4.0.4
Squid Squid 4.7
Squid Squid 4.6
Squid Squid 4.5
Squid Squid 4.4
Squid Squid 4.0.9
Squid Squid 4.0.7
Squid Squid 4.0.10
Squid Squid 4.0