CyberSec.Space Logo
Back to CVE Browser

CVE-2008-7250

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile35.97th
PublishedDec 30, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.

Affected Platforms (CPE)

πŸ“¦
Pedro Lineu Orso

Sarg

= 2.2.4

References & Advisories

πŸ”— http://secunia.com/advisories/28668
πŸ”— http://sourceforge.net/project/shownotes.php?release_id=581509
πŸ”— http://www.vupen.com/english/advisories/2008/0750
πŸ”— http://secunia.com/advisories/28668
πŸ”— http://sourceforge.net/project/shownotes.php?release_id=581509
πŸ”— http://www.vupen.com/english/advisories/2008/0750

Related Vulnerabilities

CVE-2008-116710.0

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remo...

CVE-2008-192210.0

Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a craf...

CVE-2008-72499.3

Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to ex...

CVE-2019-189327.0

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temp...