acFreeProxy (a.k.a. " acFP") is an HTTP/1.x proxy for Microsoft Windows environments. It offers caching, and several other features, and has a plug-in format designed for extensibility. A flaw in the product may allow attackers to execute content across domains.
Credit:
The information has been provided by Matthew Murphy.
The proxy server may generate an error message if given a host that it cannot reach, or some other exceptional condition. The error page generated during this process does not have any input validation, and is vulnerable to cross-site scripting. This allows an attacker to inject code as any site the victim can visit, because this problem is in the proxy, and not a specific site.
Impact:
This vulnerability is significantly more dangerous than any site-specific flaw, as it can be exploited to read content from any domain, instead of the limited scope of a typical cross-site scripting flaw, where the site that is flawed is the only site that can be impacted.
