4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.6%
SquidClamav developers report:
This release fix several security issues by escaping CGI
parameters.
Prior to versions 6.7 and 5.8, CGI script clwarn.cgi was not
properly sanitizing input variables, so they could be used to
inject arbitrary strings to the generated page, leading
to the cross-site scripting attacks.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | squidclamav | < 5.8 | UNKNOWN |