QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11454

Published: Apr 22, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c

x_refsource_MISC

https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3

x_refsource_MISC

https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py

x_refsource_MISC

[debian-lts-announce] 20190426 [SECURITY] [DLA 1767-1] monit security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

FEDORA-2020-9c19202d55

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-f70cd7c24b

vendor-advisory

x_refsource_FEDORA

[debian-lts-announce] 20211227 [SECURITY] [DLA 2855-1] monit security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.