https://www.exploit-db.com/exploits/21554
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-231

ImatixXitami2.5b4和2.5b5版本中的Errors.gsl存在跨站脚本(XSS)漏洞。远程攻击者可以通过（1）JavaScript事件注入任意web脚本或HTML，该漏洞通过IMGSRC标签中的onerror事件或(2)HTTPGET请求中的User-Agent领域来说明。

source: http://www.securityfocus.com/bid/5025/info

Imatix Xitami is a webserver for Microsoft Windows operating systems.

It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages.

Xitami fails to check URLs for the presence of script commands when generating error pages returned from sample scripts that use Errors.gsl, allowing attacker supplied code to execute. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site. 

http://www.<IMG%20SRC=""%20ONERROR="alert(document.cookie)">.target.com/error404

来源:BID
名称:5025
链接:http://www.securityfocus.com/bid/5025