CVE-2001-0520

Aladdin eSafe Gateway 3.0 and earlier - Cross-Site Scripting via HTML Tag Attribute Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0520. PoCs published by eDvice Security Services.

AI-analyzed exploit summary This is a writeup describing a bypass technique for eSafe Gateway's script-filtering feature by manipulating HTML syntax. The vulnerability allows malicious scripts to execute by tricking the filter into incorrectly parsing nested script tags.

Description

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.

Exploits (1)

exploitdb WRITEUP VERIFIED
by eDvice Security Services · htmlremotemultiple
https://www.exploit-db.com/exploits/20869

This is a writeup describing a bypass technique for eSafe Gateway's script-filtering feature by manipulating HTML syntax. The vulnerability allows malicious scripts to execute by tricking the filter into incorrectly parsing nested script tags.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: eSafe Gateway versions 2.x
No auth needed
Prerequisites: Access to craft and deliver HTML content to a target using eSafe Gateway
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6580
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-05/0284.html

Scores

EPSS 0.0238
EPSS Percentile 81.7%

Details

Status published
Products (1)
aladdin_knowledge_systems/esafe_gateway 3.0
Published Aug 14, 2001
Tracked Since Feb 18, 2026