https://www.exploit-db.com/exploits/24001
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-025

ZaepAntiSpam2.0版本存在跨站脚本(XSS)漏洞。远程攻击者可以通过key参数中的双编码的斜线（％252F）注入任意的web脚本或者HTML。

source: http://www.securityfocus.com/bid/10139/info

It has been reported that Zaep AntiSpam is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input.

This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

ttp://example.zaep/?key=<script>alert(document.cookie)<%252Fscript>

来源:XF
名称:zaep-antispam-xss(15858)
链接:http://xforce.iss.net/xforce/xfdb/15858
来源:BID
名称:10139
链接:http://www.securityfocus.com/bid/10139
来源:www.securiteam.com
链接:http://www.securiteam.com/windowsntfocus/5EP0I15CKK.html
来源:SECUNIA
名称:11388
链接:http://secunia.com/advisories/11388
来源:BUGTRAQ
名称:20040419ZaepAntiSpamCrossSiteScripting
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108241507812681&w;=2