Bug 4957: Multiple XSS issues in cachemgr.cgi #429

Closed
@yadij
Contributor

commented Jul 5, 2019

The cachemgr.cgi web module of the squid proxy is vulnerable
to XSS issue. The vulnerable parameters "user_name" and "auth"
have insufficient sanitization in place.

@rousskov
Contributor

left a comment

I do not see problems with the proposed changes so I am approving this PR.

FWIW, I think that all this poorly written CGI code should be completely removed from Squid. If somebody wants to maintain it outside of Squid, they sure can, but the Squid Project has insufficient resources to do web UIs right (including doing them safely).

@kinkie

Contributor

commented Jul 5, 2019

@rousskov

Contributor

commented Jul 5, 2019

There is an experimental branch, provably out of date, meaning to reimplement this in javascript

As far as the Squid Project goes, I am pretty sure that this functionality should be removed rather than re-implemented (in any language). As for some hypothetical external re-implementation, a Javascript/HTML5 client does indeed sound like a giant step forward (and away from a server-side CGI).

squid-anubis added a commit that referenced this pull request Jul 7, 2019

Bug 4957: Multiple XSS issues in cachemgr.cgi (#429)
The cachemgr.cgi web module of the squid proxy is vulnerable
to XSS issue. The vulnerable parameters "user_name" and "auth"
have insufficient sanitization in place.

squidadm added a commit to squidadm/squid that referenced this pull request Jul 7, 2019

Bug 4957: Multiple XSS issues in cachemgr.cgi (squid-cache#429)

yadij added a commit that referenced this pull request Jul 8, 2019

Bug 4957: Multiple XSS issues in cachemgr.cgi (#429)

squidadm added a commit to squidadm/squid that referenced this pull request Jul 9, 2019

Bug 4957: Multiple XSS issues in cachemgr.cgi (squid-cache#429)

yadij added a commit that referenced this pull request Jul 9, 2019

Bug 4957: Multiple XSS issues in cachemgr.cgi (#429)