SquidClamav Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

SquidClamav is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. SquidClamav versions prior to 5.8 are affected.

Solution

Updates are available. Please see the references for more information.

References

http://squidclamav.darold.net/news.html
http://www.securityfocus.com/bid/55293

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4667

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
AN Guestbook Local File Inclusion Vulnerability
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
Apache mod_proxy_ajp Information Disclosure Vulnerability
AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities