Reported January 4, 2002, by Satoshi Ishizuka.

VERSION AFFECTED

  • DeleGate Proxy Server 7.7.1 and 7.7.0 for Windows

 

DESCRIPTION
A cross-site scripting vulnerability exists in DeleGate Proxy server that results in automatic JavaScript code execution on the Web user's browser when there's a URL that displays the error message "403 Forbidden" and the administrator displays his or her own configured error message using the MOUNT option.

<span style="font-family:Verdana"> <p></p>
</h3>

VENDOR RESPONSE

The vendor, Delegate, has released version 7.8.0 to correct this concern.

 

CREDIT
Discovered by Satoshi Ishizuka and Keigo Yamazaki.