Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors (CVE-2018-19131).
A memory leak was discovered in the way Squid handles SNMP denied queries. A remote attacker may use this flaw to exhaust the resources on the server machine (CVE-2018-19132) ...
A Cross-Site Scripting vulnerability has been discovered in Squid in the way X509 certificate fields are displayed in some error pages. An attacker who can control the certificate of the origin content server may use this flaw to inject scripting code in the Squid-generated page, which is executed on the client's browser ...
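The flaw class described above, shown as an added example that is not Squid's code or part of the proof of concept listed here: certificate name fields copied into an error page unchanged, next to the same page with output encoding applied and a simple check for markup characters in those fields. The template, function names and sample certificate values are hypothetical and constructed for illustration.

```python
import html

# Hypothetical error-page template; not Squid's actual template or token names.
TEMPLATE = (
    "<html><body><h1>Certificate error</h1>"
    "<p>Subject: {subject}</p><p>Issuer: {issuer}</p></body></html>"
)


def format_name(fields):
    """Join name attributes as 'K=V, K=V'. Values come from the remote certificate."""
    return ", ".join(f"{k}={v}" for k, v in fields)


def render_unsafe(subject, issuer):
    # Flawed pattern: certificate text is copied into markup unchanged,
    # so any tags it contains become part of the page.
    return TEMPLATE.format(subject=format_name(subject), issuer=format_name(issuer))


def render_escaped(subject, issuer):
    # Corrected pattern: HTML-encode every untrusted value at output time.
    return TEMPLATE.format(
        subject=html.escape(format_name(subject), quote=True),
        issuer=html.escape(format_name(issuer), quote=True),
    )


def suspicious_fields(fields):
    """Detection aid: return attributes whose values contain HTML metacharacters."""
    return [(k, v) for k, v in fields if any(c in v for c in "<>\"'&")]


# Constructed sample input standing in for an origin server's certificate.
SAMPLE_SUBJECT = [("CN", "<script>alert(1)</script>"), ("O", "Example & Co")]
SAMPLE_ISSUER = [("CN", "Example Test CA")]

if __name__ == "__main__":
    print(render_escaped(SAMPLE_SUBJECT, SAMPLE_ISSUER))
    print(suspicious_fields(SAMPLE_SUBJECT))
```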
Proof-of-Concept exploit of CVE-2018-19131: Squid Proxy XSS via X.509 Certificate
CVE-2018-19131 Demo
Author: Jonathan M Wilbur <jonathan@wilburspace>
Copyright Year: 2018
License: MIT License
Do not do anything illegal with this. This is not malware. This is just a proof of concept.
This is a demo of CVE-2018-19131, which runs in a Docker Compose app.