CacheFlow CacheOS 3.1.x/4.0.x/4.1 Unresolved Domain Cross-Site Scripting Vulnerability

ID EDB-ID:21649
Type exploitdb
Reporter T.Suzuki
Modified 2002-07-24T00:00:00


CacheFlow CacheOS 3.1.x/4.0.x/4.1 Unresolved Domain Cross Site Scripting Vulnerability. CVE-2002-1060. Remote exploits for multiple platform


CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow.

User supplied data is not sanitized before being included in an unresolved host error page. An attacker may construct a link for a nonexistant subdomain of a valid site, and include malicious JavaScript. If followed, the supplied script code will execute within the context of the requested domain.<script>EVIL CODE</script>