• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

W3C Jigsaw Proxy Server Cross-Site Scripting Vulnerability

The W3C Jigsaw project includes a HTTP proxy server written in Java.

When the proxy server cannot successfully resolve a fully qualified domain name, an error page is served to the client. The requested URL is included in the content of this page without being adequately sanitized. Consequently, embedded script code may execute within the context of the requested URL (and it's domain). Exploitation may result in theft of cookie information or impersonation of websites associated with the domain.