[VIM] The disappearing iPostMX 2005 SQL injection issue

Steven M. Christey coley at linus.mitre.org
Mon Jun 19 20:37:15 EDT 2006


On Mon, 19 Jun 2006, security curmudgeon wrote:

> On 2006-06-16, I created two entries in OSVDB for iPostMX cross-site
> scripting issues.
>
> 26522: iPostMX 2005 userlogin.cfm RETURNURL Variable XSS
> 26523: iPostMX 2005 account.cfm RETURNURL Variable XSS
>
> At the time, the pridels advisory contained no mention of SQL injection
> vulnerabilities.

I verified with my analyst that the original version of the advisory
contained the SQL injection.

I attempted to email him but the address bounced.  Just sent in a comment
to the page - we'll see if it's approved and answered.

- Steve

