Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a β403 Forbiddenβ error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.