Free Trial

Web Application Firewall

Squid under the threat of Multiple Cross Site Scripting Vulnerabilities

Squid was found to be prone to multiple Cross Site Scripting Vulnerabilities. It was failing to sanitise user supplied input.
An attacker can make use of this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, they do the same in the context of the affected site. This can also allow the attacker to steal cookie based authentication credentials and also launch other similar attacks

CVE-2019-13345

Affected versions :
Squid Squid 4.0.17
Squid Squid 4.0.16
Squid Squid 4.0.8
Squid Squid 4.0.6
Squid Squid 4.0.5
Squid Squid 4.0.4
Squid Squid 4.7
Squid Squid 4.6
Squid Squid 4.5
Squid Squid 4.4
Squid Squid 4.0.9
Squid Squid 4.0.7
Squid Squid 4.0.10
Squid Squid 4.0

Recent Posts

What Is A Security Misconfiguration?

What Is A Security Misconfiguration?

CVE-2023-28771 : ZYXEL USG/USG FLEX/VPN/ATP ERROR MESSAGE OS COMMAND INJECTION

CVE-2023-28771 : ZYXEL USG/USG FLEX/VPN/ATP ERROR MESSAGE OS COMMAND INJECTION

What Is Insecure Deserialization

What Is Insecure Deserialization? How To Protect The Application From Insecure Deserialization Attacks?

Follow Us

zzcms 2018 template_user.php ml/title code injection

August 26, 2021 No Comments

A vulnerability was found in zzcms 2018 (Content Management System) and classified as critical. This issue affects an unknown function

ZyXEL VPN2S 1.12 Web Server path traversal

September 29, 2021 No Comments

A vulnerability classified as problematic was found in ZyXEL VPN2S 1.12. Affected by this vulnerability is an unknown part of

Zyxel VPN2S 1.12 CGI Program os command injection

September 29, 2021 No Comments

A vulnerability has been found in Zyxel VPN2S 1.12 and classified as critical. This vulnerability affects some unknown processing of

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

July 2, 2021 No Comments

A vulnerability was found in Zyxel USG, USG Flex, Zywall, ATP and VPN up to 4.64 (Firewall Software). It has

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

July 26, 2021 No Comments

A vulnerability was found in ZyXEL GS1900-8 2.60. It has been classified as problematic. This affects an unknown code of

Zynamics BinDiff up to 6 i64 File use after free

June 30, 2021 No Comments

A vulnerability, which was classified as critical, has been found in Zynamics BinDiff up to 6. This issue affects an

Web Application Firewall Solution

CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION

CVE-2024-21511 : MYSQL2 UP TO 3.9.6 READCODEFOR TIMEZONE CODE INJECTION

April 23, 2024 No Comments

Description Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the

CTEM Framework In Cloud Security

CTEM Framework In Cloud Security

April 23, 2024 No Comments

Significant challenges have marked the cloud security landscape as organizations increasingly rely on cloud services. In 2023, 82% of data

CVE-2024-29733 : APACHE AIRFLOW UP TO 3.6.X FTP PROVIDER CERTIFICATE VALIDATION

CVE-2024-29733 : APACHE AIRFLOW UP TO 3.6.X FTP PROVIDER CERTIFICATE VALIDATION

April 22, 2024 No Comments

Description Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections,