https://www.exploit-db.com/exploits/25913
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-225

HostingController的error.asp脚本存在跨站脚本攻击(XSS)漏洞，远程攻击者可借助错误参数注入任意Web脚本或HTML。

source: http://www.securityfocus.com/bid/14080/info

Hosting Controller is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'error.asp' script.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/admin/hosting/error.asp?error=Xss vul

来源:BID
名称:14080
链接:http://www.securityfocus.com/bid/14080
来源:BUGTRAQ
名称:20051215BuginHC
链接:http://www.securityfocus.com/archive/1/archive/1/419597/100/0/threaded
来源:SECTRACK
名称:1016456
链接:http://securitytracker.com/id?1016456
来源:BUGTRAQ
名称:20050628Cross-SiteScripting(CSS)inHostingControllerAllVersionandhotfixithehe;)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111997456519685&w;=2