Launchpad.net

CVE 2019-18860

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

See the CVE page on Mitre.org for more details.