[VIM] CVE-2006-2490 (Mobotix) vendor ACK

Steven M. Christey coley at linus.mitre.org
Mon Aug 21 13:19:34 EDT 2006

---------- Forwarded message ----------
Date: Mon, 21 Aug 2006 17:04:09 +0200
From: Daniel Kabs
To: nvd at nist.gov
Cc: cve at mitre.org
Subject: CVE-2006-2490: Vendor Statement


In your vulnerability summary CVE-2006-2490 you report multiple cross-site
scripting (XSS) vulnerabilities in MOBOTIX IP Network Cameras.

I'd like to write an official vendor statement about this CVE entry. I am
a developer at MOBOTIX AG and responsible for fixing the security
issue you report in your advisory.

I'd like to inform you that we have resolved this problem as of

MOBOTIX provides new software versions that include a security patch that
prevents cross site scripting flaws. Customers are encouraged to upgrade
to at least software version
- V2.2.3.18 (for camera models M10/D10) and
- V3.0.3.31 (for camera model M12)
or higher (if available). The software is available for download from our
website http://www.mobotix.com/services/software_downloads

Please include this information in your CVE entry. Thank you very much.

Daniel Kabs
Internet: http://www.mobotix.com/

More information about the VIM mailing list