CVE-2001-0991

Proxomitron Naoko-4 BetaFour and earlier - Cross-Site Scripting via Error Message

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0991. PoCs published by TAKAGI Hiromitsu.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in Proxomitron, where maliciously crafted URLs can inject JavaScript into error pages. The vulnerability allows arbitrary script execution in the context of the proxy server's error page.

Description

Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by TAKAGI Hiromitsu · textremotemultiple
https://www.exploit-db.com/exploits/21025

This is a writeup describing a cross-site scripting (XSS) vulnerability in Proxomitron, where maliciously crafted URLs can inject JavaScript into error pages. The vulnerability allows arbitrary script execution in the context of the proxy server's error page.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Proxomitron (version not specified)
No auth needed
Prerequisites: Browser configured to use Proxomitron as a proxy
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/198954
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3087
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6887

Scores

EPSS 0.0316
EPSS Percentile 86.4%

Details

Status published
Products (4)
scott_r._lemmon/proxomitron_naoko-4 beta1
scott_r._lemmon/proxomitron_naoko-4 beta2
scott_r._lemmon/proxomitron_naoko-4 beta3
scott_r._lemmon/proxomitron_naoko-4 beta4
Published Jul 24, 2001
Tracked Since Feb 18, 2026