CVE-2001-1202

DeleGate 7.7.0 and 7.7.1 - Cross-Site Scripting via Error Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1202. PoCs published by SNS Research.

AI-analyzed exploit summary The exploit describes a cross-site scripting (XSS) vulnerability in DeleGate proxy server where HTML tags are not filtered from error page links, allowing script execution in the context of the site.

Description

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SNS Research · textremotemultiple

https://www.exploit-db.com/exploits/21193

View Code ZIP pw:eip

The exploit describes a cross-site scripting (XSS) vulnerability in DeleGate proxy server where HTML tags are not filtered from error page links, allowing script execution in the context of the site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: DeleGate proxy server

No auth needed

Prerequisites: A link to a DeleGate proxy server with an error page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3749

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=100956050432351&w=2

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/7745.php

Scores

EPSS 0.0667

EPSS Percentile 93.0%

Details

Status published

Products (4)

delegate/delegate 7.7.0

delegate/delegate 7.7.1

delegate/delegate 7.8.0

delegate/delegate 7.8.1

Published Dec 28, 2001

Tracked Since Feb 18, 2026