Base Score

MEDIUM6.1

CVE-2019-13345

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

VectorNETWORK

Published Bycve@mitre.org

Published DateJul 05, 2019, 16:15

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
http://www.securityfocus.com/bid/109095
https://access.redhat.com/errata/RHSA-2019:3476
https://bugs.squid-cache.org/show_bug.cgi?id=4957
https://github.com/squid-cache/squid/pull/429
https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/
https://seclists.org/bugtraq/2019/Aug/42
https://usn.ubuntu.com/4059-1/
https://usn.ubuntu.com/4059-2/
https://www.debian.org/security/2019/dsa-4507

Base Score

MEDIUM6.1

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

6.1

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE