DeleGate proxy server cross-site scripting

delegate-proxy-xss (7745) The risk level is classified as LowLow Risk

Description:

DeleGate is vulnerable to cross-site scripting, caused by improper filtering of HTML tags in URLs. A remote attacker could insert malicious script within a link to a site running Delegate. Once the link is clicked, an error page would be displayed and the script would execute in the victim's Web browser. An attacker could use this vulnerability to obtain the victim's cookie-based authentication information.

DeleGate versions 7.8.0 and 7.8.1 are also vulnerable to various types of cross-site scripting attacks.


Consequences:

Obtain Information

Remedy:

Upgrade to the latest version of DeleGate (7.8.0 or later), available from the DeleGate Web site. See References.

References:

Platforms Affected:

  • DeleGate DeleGate 7.7.0
  • DeleGate DeleGate 7.7.1
  • DeleGate DeleGate 7.8.0
  • DeleGate DeleGate 7.8.1

Reported:

Dec 28, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page