3 matches found
CVE-2012-4667
Multiple cross-site scripting XSS vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the 1 url, 2 virus, 3 source, or 4 user parameter to a clwarn.cgi, b clwarn.cgi.deDE, c clwarn.cgi.enEN, d clwarn.cgi.frFR, e clwarn.cgi.ptBR, or f...
CVE-2012-3501
CVE-2012-3501 affects SquidClamav (SquidClamav 5.x before 5.8 and 6.x before 6.7) where the function squidclamav_check_preview_handler passes an unescaped URL to a system command. This can allow a remote attacker to trigger a denial of service (daemon crash) by sending a URL containing certain ch...
CVE-2012-4667
SquidClamav 5.x is vulnerable to multiple XSS flaws (notably via clwarn.cgi parameters: url, virus, source, user) due to improper sanitization of user input. These issues affect CGI scripts under cgi-bin/ and allow remote attackers to inject arbitrary script/HTML in victims’ browsers. The CVE has...