[VIM] vendor dispute: 21820: lemoon Search Module q Variable XSS (fwd)

security curmudgeon jericho at attrition.org
Wed Jan 18 02:11:08 EST 2006

(testing again, #2)

---------- Forwarded message ----------
From: "[iso-8859-1] Mans Ohrstrom
To: moderators at osvdb.org
Date: Sat, 14 Jan 2006 23:55:30 +0100
Subject: [OSVDB Mods] [Change Request] 21820: lemoon Search Module q Variable 

Dear sirs,

lemoon is an off-the-shelf CMS system based on .NET framework. Sites are built 
on top of ASP.NET and you use lemoon core objects to easily manage and render 
content. The XSS vuln. you are referring to exists in one of our public sites 
built on lemoon i.e. a custom made site (as all sites are). The problem exists 
in a UserControl that handles form input and is in no way related to the lemoon 
core product. It would be like blaming MS Word for a spelling mistake in a 
document. I'm sure you are not in the business of reporting about a "security 
vulnerability" on a corporate website.

Please update/remove this security issue.

Thank you for trying to help us make lemoon a more secure product.

Best regards,

Mans Ohrstrom
CTO, Mindroute Software

More information about the VIM mailing list