Reported January 4, 2002, by Satoshi Ishizuka.
VERSION AFFECTED
-
DeleGate Proxy Server 7.7.1 and 7.7.0 for Windows
DESCRIPTION
A
cross-site scripting vulnerability exists in DeleGate Proxy server that results
in automatic JavaScript code execution on the Web user's browser when
there's a URL that displays the error message "403 Forbidden" and the
administrator displays his or her own configured error message using the MOUNT
option.
VENDOR RESPONSE
The vendor, Delegate, has released version 7.8.0 to correct this concern.
CREDIT
Discovered by Satoshi Ishizuka
and Keigo Yamazaki.
0 comments
Hide comments