[VIM] CVE-2006-2642 / OSVDB 25785 - vendor ack
security curmudgeon
jericho at attrition.org
Wed Jun 14 03:32:51 EDT 2006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2642

** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or
actionable details. Cross-site scripting (XSS) vulnerability in Marco M.
F. De Santis Php-residence 0.6 and earlier allows remote attackers to
inject arbitrary web script or HTML via "any of its input." NOTE: the
original disclosure is based on vague researcher claims without vendor
acknowledgement; therefore this identifier cannot be linked with any
future identifier that identifies more specific vectors. Perhaps this
should not be included in CVE.

http://www.digitaldruid.net/php-residence/wiki/wiki.php/CHANGELOG

0.6.1 (31/05/2006)
-security bug: htmlspecialchars for input from normal users when inserted
in database