Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
| Link | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/0750/references | vdb entry |
| http://secunia.com/advisories/28668 | third party advisory |
| http://www.gentoo.org/security/en/glsa/glsa-200803-21.xml | vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/40972 | vdb entry |
| http://sourceforge.net/project/shownotes.php?release_id=581509 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:079 | vendor advisory |
| http://secunia.com/advisories/29309 | third party advisory |
| http://secunia.com/advisories/29500 | third party advisory |
| http://www.securityfocus.com/bid/28077 | vdb entry |