[VIM] OpenEdit XSS vendor dispute
security curmudgeon
jericho at attrition.org
Sat Dec 24 13:03:54 UTC 2005
http://pridels.blogspot.com/2005/12/openedit-xss-vuln.html
1 Comments:
Anonymous teica...
Hi There, I am the author of OpenEdit and I wanted to clarify. The
page variable is just the page number. So it lets you jump from page 1 to
page 100. If you pass in page -1 it will just generate an error. It is not
a problem.
The oe-action is possible more concern but we check for a user being
logged in on most dangerous actions. So this is not considered a security
problem either.
8:29 PM
More information about the VIM
mailing list