[VIM] CVE-2006-2490 (Mobotix) vendor ACK
Steven M. Christey
coley at linus.mitre.org
Mon Aug 21 13:19:34 EDT 2006
---------- Forwarded message ----------
Date: Mon, 21 Aug 2006 17:04:09 +0200
From: Daniel Kabs
To: nvd at nist.gov
Cc: cve at mitre.org
Subject: CVE-2006-2490: Vendor Statement
Hello!
In your vulnerability summary CVE-2006-2490 you report multiple cross-site
scripting (XSS) vulnerabilities in MOBOTIX IP Network Cameras.
I'd like to write an official vendor statement about this CVE entry. I am
a developer at MOBOTIX AG and responsible for fixing the security
issue you report in your advisory.
I'd like to inform you that we have resolved this problem as of
2006-06-27.
MOBOTIX provides new software versions that include a security patch that
prevents cross site scripting flaws. Customers are encouraged to upgrade
to at least software version
- V2.2.3.18 (for camera models M10/D10) and
- V3.0.3.31 (for camera model M12)
or higher (if available). The software is available for download from our
website http://www.mobotix.com/services/software_downloads
Please include this information in your CVE entry. Thank you very much.
Sincerely,
Daniel Kabs
Internet: http://www.mobotix.com/
More information about the VIM
mailing list