DeleGate proxy server cross-site scripting
delegate-proxy-xss (7745) | Low Risk
DeleGate is vulnerable to cross-site scripting, caused by improper filtering of HTML tags in URLs. A remote attacker could insert malicious script within a link to a site running DeleGate. Once the link is clicked, an error page would be displayed and the script would execute in the victim's Web browser. An attacker could use this vulnerability to obtain the victim's cookie-based authentication information.
DeleGate versions 7.8.0 and 7.8.1 are also vulnerable to various types of cross-site scripting attacks.
Upgrade to the latest version of DeleGate (7.8.0 or later), available from the DeleGate Web site. See References.
References:
- BugTraq Mailing List, Tue Feb 12 2002 - 04:38:08 CST: Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities.
- DeleGate Web site: DeleGate Home Page (www.delegate.org).
- Global InterSec LLC Advisory 2002012101: DeleGate Application Proxy - Multiple Vulnerabilities.
- SNS Advisory No.47: DeleGate Cross Site Scripting Vulnerability.
- BID-3749: DeleGate Cross-Site Scripting Vulnerability.
- BID-4058: DeleGate Cross Site Scripting Vulnerability.
- OSVDB ID: 6311: DeleGate Error Page XSS.
Affected versions:
- DeleGate 7.7.0
- DeleGate 7.7.1
- DeleGate 7.8.0
- DeleGate 7.8.1
Dec 28, 2001