Proxomitron Cross-Site Scripting Vulnerability

Proxomitron is a free web proxy server.

Proxomitron is vulnerable to a cross site scripting attack.

The condition is present because of the way URLS are displayed in error messages. It is possible for script code to be embedded in the error page through a maliciously constructed link. When the error is displayed, the script will be executed within the context of the proxy server's error page on the client browser. This may permit various web-based attacks including stealing cookies, etc.


 

Privacy Statement
Copyright 2010, SecurityFocus