[VIM] The disappearing iPostMX 2005 SQL injection issue
Steven M. Christey
coley at linus.mitre.org
Mon Jun 19 17:45:10 EDT 2006
On Mon, 19 Jun 2006, security curmudgeon wrote:
> On 2006-06-16, I created two entries in OSVDB for iPostMX cross-site
> scripting issues.
>
> 26522: iPostMX 2005 userlogin.cfm RETURNURL Variable XSS
> 26523: iPostMX 2005 account.cfm RETURNURL Variable XSS
>
> At the time, the pridels advisory contained no mention of SQL injection
> vulnerabilities.
The CVE analyst examined the issue at 8 AM on the 16th. He's not around,
otherwise I'd ask him where he saw it :)
> Currently, the advisory loads fine for me
Oh, it loads fine, but the front page doesn't load correctly for me -
looks like it's my browser, though.
- Steve
More information about the VIM
mailing list