DeleGate proxy server cross-site scripting
|delegate-proxy-xss (7745)||Low Risk|
DeleGate is vulnerable to cross-site scripting, caused by improper filtering of HTML tags in URLs. A remote attacker could insert malicious script within a link to a site running Delegate. Once the link is clicked, an error page would be displayed and the script would execute in the victim's Web browser. An attacker could use this vulnerability to obtain the victim's cookie-based authentication information.
DeleGate versions 7.8.0 and 7.8.1 are also vulnerable to various types of cross-site scripting attacks.
Upgrade to the latest version of DeleGate (7.8.0 or later), available from the DeleGate Web site. See References.
- BugTraq Mailing List, Tue Feb 12 2002 - 04:38:08 CST: Re: [Global InterSec 2002012101] DeleGate Application Proxy - Multiple Vulnerabilities.
- DeleGate Web site: DeleGate Home Page (www.delegate.org).
- Global InterSec LLC Advisory 2002012101: DeleGate Application Proxy - Multiple Vulnerabilities.
- SNS Advisory No.47: DeleGate Cross Site Scripting Vulnerability.
- BID-3749: DeleGate Cross-Site Scripting Vulnerability
- BID-4058: DeleGate Cross Site Scripting Vulnerability
- OSVDB ID: 6311: DeleGate Error Page XSS
- DeleGate DeleGate 7.7.0
- DeleGate DeleGate 7.7.1
- DeleGate DeleGate 7.8.0
- DeleGate DeleGate 7.8.1
Dec 28, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this