[VIM] vendor dispute: 21820: lemoon Search Module q Variable XSS (fwd)
security curmudgeon
jericho at attrition.org
Wed Jan 18 02:11:08 EST 2006
(testing again, #2)
---------- Forwarded message ----------
From: "[iso-8859-1] Mans Ohrstrom
To: moderators at osvdb.org
Date: Sat, 14 Jan 2006 23:55:30 +0100
Subject: [OSVDB Mods] [Change Request] 21820: lemoon Search Module q Variable
XSS
Dear sirs,
lemoon is an off-the-shelf CMS system based on .NET framework. Sites are built
on top of ASP.NET and you use lemoon core objects to easily manage and render
content. The XSS vuln. you are referring to exists in one of our public sites
built on lemoon i.e. a custom made site (as all sites are). The problem exists
in a UserControl that handles form input and is in no way related to the lemoon
core product. It would be like blaming MS Word for a spelling mistake in a
document. I'm sure you are not in the business of reporting about a "security
vulnerability" on a corporate website.
Please update/remove this security issue.
Thank you for trying to help us make lemoon a more secure product.
Best regards,
Mans Ohrstrom
CTO, Mindroute Software
More information about the VIM
mailing list