[VIM] Vulnerability Summary CVE-2006-2184
Siegfried
admin at zone-h.fr
Fri May 12 08:17:38 EDT 2006
I just checked the demo web site, it doesn't seem fixed:
If you follow what Steven M. Christey said, inserting "
onmouseover="javascript:alert('hi')" in the search box will work.
"At the invitation of the vendor to test the demo site, CVE was able to
verify
an XSS javascript event variant in the demo page."
kind regards,
Siegfried
Le Ven 12 mai 2006 12:44, Fr-SIRT a écrit :
> Hello,
>
> This vulnerability exists and has been fixed in an updated 1.5 version.
>
> http://www.frsirt.com/english/advisories/2006/1628
>
> Regards,
> Fr-SIRT
>
More information about the VIM
mailing list