Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter.
The vendor has stated this issue will be resolved in a future release.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com.
A problem has been reported in the handling of some types of input to DansGuardian. This problem may permit an attacker to launch cross-site scripting attacks.
CensorNet contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "DENIEDURL" variable upon submission to the "dansguardian.pl" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
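The missing validation described above, shown as a general pattern in an added example (not CensorNet's code and not a vendor fix): a hypothetical deny-page CGI in Perl that reflects DENIEDURL, first unencoded and then HTML-encoded. The function names, page markup, length cap and sample request are assumptions made for illustration.

```perl
# Added example: hypothetical deny-page logic, not CensorNet's dansguardian.pl.
use strict; use warnings;

# Decode one application/x-www-form-urlencoded value.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Return the first value of $name from a raw query string, or '' if absent.
sub query_param {
    my ($query, $name) = @_;
    for my $pair (split /[&;]/, $query) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && url_decode($k) eq $name;
        return url_decode(defined $v ? $v : '');
    }
    return '';
}

# Encode the five characters that can change the HTML parsing context.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Vulnerable pattern: the parameter is copied into the page as-is.
sub deny_page_unsafe {
    my ($query) = @_;
    return "<p>Access denied: " . query_param($query, 'DENIEDURL') . "</p>\n";
}

# Hardened pattern: cap the length (assumed 2048), drop control characters,
# then encode the value for an HTML text context.
sub deny_page_safe {
    my ($query) = @_;
    my $url = substr(query_param($query, 'DENIEDURL'), 0, 2048);
    $url =~ s/[\x00-\x1f\x7f]//g;
    return "<p>Access denied: " . html_escape($url) . "</p>\n";
}

# Constructed sample request: the value carries harmless markup, percent-encoded.
my $query = 'DENIEDURL=http%3A%2F%2Fblocked.example%2F%3Cb%3Emarkup%3C%2Fb%3E';
print "unsafe: ", deny_page_unsafe($query);
print "safe:   ", deny_page_safe($query);
```

The encoding shown is for an HTML text context only; a value placed in an attribute such as `href` additionally needs a scheme check.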