ALPINE-CVE-2019-13345 — Vulnetix

ALPINE-CVE-2019-13345 PUBLISHED CVSS 6.099999904632568 MEDIUM

The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.

Risk Scores

CVSS v3.0

6.099999904632568

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.19	squid	4.6-r1, 0, 2.7.6-r0
Alpine:v3.18	squid	4.6-r1, 2.7.6-r0, 2.7.6-r1
Alpine:v3.23	squid	2.7.6-r0, 4.6-r1, 4.6-r0
Alpine:v3.12	squid	2.7.6-r0, 2.7.6-r1, 2.7.6-r10
Alpine:v3.9	squid	3.5.6-r1, 4.4-r1, 4.4-r0
Alpine:v3.16	squid	3.2.2-r0, 3.2.0.19-r1, 3.2.0.19-r0
Alpine:v3.13	squid	3.5.17-r0, 2.7.6-r11, 2.7.6-r0
Alpine:v3.7	squid	2.7.6-r0, 2.7.6-r10, 2.7.6-r11
Alpine:v3.15	squid	3.2.0.19-r0, 3.2.0.18-r1, 3.2.0.18-r0
Alpine:v3.20	squid	3.5.19-r0, 3.5.27-r1, 3.2.0.18-r1
Alpine:v3.17	squid	4.6-r1, 4.6-r0, 4.4-r1
Alpine:v3.11	squid	2.7.7-r0, 0, 2.7.6-r0
Alpine:v3.10	squid	4.6-r1, 4.6-r0, 4.4-r1
Alpine:v3.14	squid	4.4-r0, 4.6-r1, 4.6-r0
Alpine:v3.22	squid	3.5.23-r3, 2.7.6-r8, 2.7.6-r9
Alpine:v3.8	squid	2.7.6-r3, 3.5.7-r0, 3.5.6-r1
Alpine:v3.21	squid	0, 2.7.6-r1, 2.7.6-r10

Timeline

Jul 5, 2019 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-13345 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›