CVE-2012-4667

SquidClamav 5.x - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.de_DE, (c) clwarn.cgi.en_EN, (d) clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in cgi-bin/.

References (5)

[Patch] http://freecode.com/projects/squidclamav/releases/346722

[Various Sources] http://squidclamav.darold.net/news.html

[Mailing List] http://www.openwall.com/lists/oss-security/2012/08/16/2

[Mailing List] http://www.openwall.com/lists/oss-security/2012/08/16/4

[Mailing List] http://www.openwall.com/lists/oss-security/2012/08/25/1

Scores

EPSS 0.0029

EPSS Percentile 52.5%

Classification

CWE

CWE-79

Status published

Affected Products (9)

darold/squidclamav

darold/squidclamav

darold/squidclamav

darold/squidclamav

darold/squidclamav

darold/squidclamav

darold/squidclamav

darold/squidclamav

n/a/n/a

Timeline

Published Aug 25, 2012

Tracked Since Feb 18, 2026