Cacheflow CacheOS 3.1.x/4.0.x/4.1 - Unresolved Domain Cross-Site Scripting

EDB-ID:

21649

Author:

T.Suzuki

Type:

remote

Platform:

Multiple

Published:

2002-07-24

source: http://www.securityfocus.com/bid/5305/info

CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow.

User supplied data is not sanitized before being included in an unresolved host error page. An attacker may construct a link for a nonexistant subdomain of a valid site, and include malicious JavaScript. If followed, the supplied script code will execute within the context of the requested domain.

http://dummy.example.com/<script>EVIL CODE</script>