squidclamav -- cross-site scripting in default virus warning pages

2012-07-24T00:00:00
ID CE680F0A-EEA6-11E1-8BD8-0022156E8794
Type freebsd
Reporter FreeBSD
Modified 2012-07-24T00:00:00

Description

SquidClamav developers report:

This release fixes several security issues by escaping CGI parameters.

Prior to versions 6.7 and 5.8, the CGI script clwarn.cgi was not properly sanitizing input variables, so they could be used to inject arbitrary strings into the generated page, leading to cross-site scripting attacks.
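
An added illustration of the flaw class described above and of the escaping fix, written in Python. It is not SquidClamav's code: the parameter names (`url`, `virus`, `source`, `user`), the page template and the sample request are assumptions constructed for this example.

```python
import html
from urllib.parse import parse_qs

# Parameter names are assumptions for illustration; the advisory does not list them.
FIELDS = ("url", "virus", "source", "user")

# Hypothetical warning page template, not the project's own markup.
TEMPLATE = (
    "<html><body><h1>Virus detected</h1>\n"
    "<p>URL: {url}</p>\n"
    "<p>Virus: {virus}</p>\n"
    "<p>Client: {source} / {user}</p>\n"
    "</body></html>"
)

def parse_params(query_string):
    """Return the first value of each expected field, or '' when it is absent."""
    parsed = parse_qs(query_string, keep_blank_values=True)
    return {name: parsed.get(name, [""])[0] for name in FIELDS}

def render_unescaped(query_string):
    """The flawed pattern: request values are copied into the page as-is."""
    return TEMPLATE.format(**parse_params(query_string))

def render_escaped(query_string):
    """The fixed pattern: every value is HTML-escaped before it reaches the page."""
    params = parse_params(query_string)
    # quote=True also escapes " and ', so a value stays inert inside an attribute.
    safe = {name: html.escape(value, quote=True) for name, value in params.items()}
    return TEMPLATE.format(**safe)

# Constructed request: the virus field carries markup instead of a signature name.
SAMPLE_QUERY = (
    "url=http%3A%2F%2Fexample.test%2Ffile.zip"
    "&virus=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    "&source=192.0.2.10&user=alice"
)

if __name__ == "__main__":
    print(render_unescaped(SAMPLE_QUERY))  # markup reaches the page unchanged
    print(render_escaped(SAMPLE_QUERY))    # markup is shown as literal text
```

Escaping at the point of output, for every request-derived field, is what keeps the warning page from interpreting a parameter as markup.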