[VIM] 22068: Speartek Search Module XSS (fwd)
security curmudgeon
jericho at attrition.org
Wed Aug 30 22:48:53 EDT 2006
---------- Forwarded message ----------
From: Danny DuVal
To: moderators at osvdb.org
Date: Wed, 30 Aug 2006 16:57:23 -0400
Reply-To: moderators at osvdb.org
Subject: [OSVDB Mods] [Change Request] 22068: Speartek Search Module XSS
To whom it may concern:
Regarding http://www.osvdb.org/22068, we are in the process of addressing
this and closing the hole that is claimed. While XSS can be executed on
certain things suck as search pages, things such as login scripts are not
susceptible to XSS injections. Even though cookies don't store any user
pertinent information we do desire to not have links such as the one above
appear immediately after our search results.
If someone could connect me with someone I could coordinate with once a
working solution is up and running so that a solution can be verified I would
very much appreciate it.
Thank you,
Danny DuVal
Application Developer
Speartek, Inc
More information about the VIM
mailing list