source: https://www.securityfocus.com/bid/3749/info
DeleGate is a proxy server which runs on Linux, Unix, Microsoft Windows and OS/2 platforms. It is capable of translating a number of protocols (HTTP, FTP, NNTP, POP, Telnet, etc.) between client and server.
DeleGate is prone to cross-site scripting attacks. HTML tags are not filtered from links to error pages. As a result, an attacker can insert malicious script code into a link to a site running DeleGate. When a web user clicks the link, an error page is displayed and the script code is executed in the user's browser in the context of the site running DeleGate.
Such an attack may be used to steal a legitimate user's cookie-based authentication credentials.
http://IP_Address_of_DeleGate/<script>alert("aaa");</script>