FreeBSD : squidclamav -- XSS in default virus warning pages (ce680f0a-eea6-11e1-8bd8-0022156e8794)
Medium Nessus Plugin ID 61679
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
SquidClamav developers report:
This release fixes several security issues by escaping CGI parameters.
Prior to versions 6.7 and 5.8, the CGI script clwarn.cgi was not properly sanitizing input variables, so they could be used to inject arbitrary strings into the generated page, leading to cross-site scripting attacks.
Solution
Update the affected packages.