Impact
Reflected cross-site scripting vulnerability in frontend HTTP server. The attacker can send in a carefully crafted URL along with a known bug in the server which will cause a 500 error, and the response will then embed the URL provided by the hacker.
The impact is moderate as the hacker must also be able to craft an HTTP request which should cause a 500 server error. None such requests are known as this point.
Patches
Anyone on Version 2.90 must upgrade to Version 2.95.
Link to the release -> https://github.com/TekMonksGitHub/monkshu/releases/tag/v2.95
Workarounds
Use disk caching plugin
References
Common Weakness Enumeration: CWE-79. https://cwe.mitre.org/data/definitions/79.html
Common Weakness Enumeration: CWE-116. https://cwe.mitre.org/data/definitions/116.html
For more information
If you have any questions or comments about this advisory:
Impact
Reflected cross-site scripting vulnerability in frontend HTTP server. The attacker can send in a carefully crafted URL along with a known bug in the server which will cause a 500 error, and the response will then embed the URL provided by the hacker.
The impact is moderate as the hacker must also be able to craft an HTTP request which should cause a 500 server error. None such requests are known as this point.
Patches
Anyone on Version 2.90 must upgrade to Version 2.95.
Link to the release -> https://github.com/TekMonksGitHub/monkshu/releases/tag/v2.95
Workarounds
Use disk caching plugin
References
Common Weakness Enumeration: CWE-79. https://cwe.mitre.org/data/definitions/79.html
Common Weakness Enumeration: CWE-116. https://cwe.mitre.org/data/definitions/116.html
For more information
If you have any questions or comments about this advisory: