Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.
NetScreen-SA contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the "row" variable when it is submitted to the "delhomepage.cgi" script. A user could therefore create a specially crafted URL that executes arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, NetScreen has released a patch to address this vulnerability.
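One way to look for attempts against this flaw in web access logs, as an added example that is not part of the advisory or any NetScreen code: it flags requests to delhomepage.cgi whose row value decodes, even after repeated percent-encoding, to markup characters. The log format, the `/example/` path, the sample lines and the assumption that legitimate row values never contain such characters are all constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate row value never contains these markup characters.
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_row_values(log_lines):
    """Return (line_number, decoded_row) for requests to delhomepage.cgi
    whose row parameter contains markup characters."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/delhomepage.cgi"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("row", []):
            decoded = fully_decode(raw)  # parse_qs already decoded one layer
            if MARKUP_RE.search(decoded):
                hits.append((number, decoded))
    return hits


# Constructed sample log lines (hypothetical path, hosts, users and values).
SAMPLE_LOG = [
    '192.0.2.10 - alice [01/Jan/2004:10:00:00 +0000] "GET /example/delhomepage.cgi?row=3 HTTP/1.1" 200 512',
    '192.0.2.11 - bob [01/Jan/2004:10:01:00 +0000] "GET /example/delhomepage.cgi?row=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.12 - carol [01/Jan/2004:10:02:00 +0000] "GET /example/delhomepage.cgi?row=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 640',
    '192.0.2.13 - dave [01/Jan/2004:10:03:00 +0000] "GET /example/other.cgi?row=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in suspicious_row_values(SAMPLE_LOG):
        print(f"line {number}: row={value!r}")
```

Because the crafted URL is followed by the victim, hits appear under the victim's session in the log; the Referer field, where logged, helps trace where the link came from.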