VDB

GCVE-110-MAGEIA-2016-237

GCVE-110-MAGEIA-2016-237
Advisory Published
Vulnetix · Advisory published July 5, 2016
The squidGuard.cgi program is vulnerable to a reflected cross site scripting vulnerability in the blocking script squidGuard.cgi. The vulnerability is triggered when a user clicks a link to a blocked site where the url has scripting instructions added (CVE-2015-8936). In Mageia's squidguard package, both /var/www/cgi-bin/squidGuard.cgi and /usr/share/squidGuard-1.4/samples/squidGuard.cgi were affected. Note that it is highly recommended that any remaining users of this package switch to ufdbguard, which has better compatibility with current versions of Squid.

Affected Products

VendorProductVersionsPlatforms
Mageiasquidguard0 (affected), 1.4-21.1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›