CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-7250

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile35.97th
Published2009年12月30日
Last Modified2026年4月23日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.

Affected Platforms (CPE)

📦
Pedro Lineu Orso

Sarg

= 2.2.4

References & Advisories

🔗 http://secunia.com/advisories/28668
🔗 http://sourceforge.net/project/shownotes.php?release_id=581509
🔗 http://www.vupen.com/english/advisories/2008/0750
🔗 http://secunia.com/advisories/28668
🔗 http://sourceforge.net/project/shownotes.php?release_id=581509
🔗 http://www.vupen.com/english/advisories/2008/0750

相关漏洞威胁

CVE-2008-116710.0

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remo...

CVE-2008-192210.0

Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a craf...

CVE-2008-72499.3

Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to ex...

CVE-2019-189327.0

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temp...

CVE-2008-7250 Detail & Impact Analysis | CVSS 4.3 (MEDIUM) | Cyber-Sec.Space | Cyber-Sec.Space