PatchSiren

PatchSiren cyber security CVE debrief

CVE-2015-8936 Squidguard CVE debrief

CVE-2015-8936 is a cross-site scripting (XSS) issue in squidGuard.cgi affecting squidGuard versions through 1.4. The NVD record describes remote injection of arbitrary web script or HTML through a blocked-site link, which is why the issue is rated medium severity and requires user interaction.

Vendor
Squidguard
Product
Unknown
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-09
Original CVE updated
2026-05-13
Advisory published
2017-02-09
Advisory updated
2026-05-13

Who should care

Administrators and security teams operating squidGuard deployments, especially environments still running version 1.4 or earlier. Any system exposing squidGuard.cgi to users who may click blocked-site links should treat this as a web-content injection risk.

Technical summary

NVD classifies the weakness as CWE-79 and lists the affected CPE range as squidGuard versions up to and including 1.4. The CVSS v3.0 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) indicates network reachability, no privileges required, and user interaction required. In practical terms, a blocked-site link rendered by squidGuard.cgi can be used to inject attacker-controlled script or HTML into a browser context.

Defensive priority

Medium priority. The issue is not known here as a KEV item, but it can still enable malicious content injection in a browser session and should be remediated on affected deployments.

Recommended defensive actions

  • Upgrade squidGuard to version 1.5 or later, consistent with the affected-version boundary in the NVD record and the CVE description.
  • Review any deployments that expose squidGuard.cgi to end users and validate that blocked-page rendering is not returning attacker-controlled content.
  • If immediate upgrade is not possible, reduce exposure to the CGI interface and apply vendor-provided patches or configuration guidance referenced by the project changelog and patch notes.
  • Verify that downstream pages generated by squidGuard.cgi are properly encoded before rendering user-visible content.

Evidence notes

This debrief is based on the official NVD record for CVE-2015-8936, which lists CWE-79, a CVSS v3.0 vector of AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, and an affected CPE range through squidGuard 1.4. The NVD record also cites Openwall oss-security references, a SecurityFocus BID entry, the squidGuard changelog, and a squidGuard patch readme as source references. No exploit code or unverified remediation details were used.

Official resources

CVE-2015-8936 was published in the official CVE record on 2017-02-09T15:59:00.520Z and later modified on 2026-05-13T00:24:29.033Z. This summary uses the published CVE/NVD record as the timing anchor and does not infer an earlier issue date.