Rewterz Threat Advisory – CVE-2019-13345 – Squid Multiple Cross Site Scripting Vulnerabilities

Rewterz Threat Alert – Hard Pass: Declining APT34’s Invite to Join Their Professional Network

July 19, 2019

Rewterz Threat Alert – Trickbot Trojan Pushed By Fake Office 365 Sites as Browser Update

July 19, 2019

Rewterz Threat Advisory – CVE-2019-13345 – Squid Multiple Cross Site Scripting Vulnerabilities

Severity

Medium

Analysis Summary

Squid is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Impact

Cross site scripting

Affected Vendors

Squid

Affected Products

Squid versions through 4.7

Remediation

Update to version 4.8.

Rewterz Threat Alert – Hard Pass: Declining APT34’s Invite to Join Their Professional Network

Rewterz Threat Alert – Trickbot Trojan Pushed By Fake Office 365 Sites as Browser Update

Rewterz Threat Advisory – CVE-2019-13345 – Squid Multiple Cross Site Scripting Vulnerabilities

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan