---------------------------------------------------------------------- SNS Advisory No.47 DeleGate Cross Site Scripting Vulnerability Problem first discovered: Wed, 26 Dec 2001 Published: Fri, 28 Dec 2001 ---------------------------------------------------------------------- Overview: --------- DeleGate, a multifunctional Proxy server program, contains a vulnerability related to a cross site scripting. Problem Description: -------------------- DeleGate, a multifunctional Proxy server program, is prone to a cross site scripting vulnerability under the following specific conditions: * When there is an URL that displays the error message "403 Forbidden" * When the administrator displays his/her own configured error message using the MOUNT option The configuration that complies with these conditions will result in automatic execution of JavaScript code on the Web user's browser, if the attacker makes the following link, and the user clicks it: http://IP_Address_of_DeleGate/