https://www.exploit-db.com/exploits/25592
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1059

WebCrossing5.x的WebX存在跨站脚本攻击(XSS)漏洞，远程攻击者可以通过在URL内包含”@”并在该符号后跟随所要注入的脚本，来注入任意Web脚本或HTML。

source: http://www.securityfocus.com/bid/13482/info

WebCrossing is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/webx?@[code]

来源:XF
名称:web-crossing-webx-xss(20381)
链接:http://xforce.iss.net/xforce/xfdb/20381
来源:BID
名称:13482
链接:http://www.securityfocus.com/bid/13482
来源:OSVDB
名称:16070
链接:http://www.osvdb.org/16070
来源:SECUNIA
名称:15218
链接:http://secunia.com/advisories/15218
来源:MISC
链接:http://osvdb.org/ref/16/16070-webcrossing.txt