Reported January 4, 2002, by Satoshi Ishizuka.

VERSION AFFECTED

  • DeleGate Proxy Server 7.7.1 and 7.7.0 for Windows

 

DESCRIPTION
A cross-site scripting vulnerability exists in DeleGate Proxy server that results in automatic JavaScript code execution on the Web user's browser when there's a URL that displays the error message "403 Forbidden" and the administrator displays his or her own configured error message using the MOUNT option.

 

VENDOR RESPONSE

The vendor, Delegate, has released version 7.8.0 to correct this concern.

 

CREDIT
Discovered by Satoshi Ishizuka and Keigo Yamazaki.