[VIM] Vulnerability Summary CVE-2006-2184

Steven M. Christey coley at linus.mitre.org
Fri May 12 15:04:24 EDT 2006


Maybe the vendor fixed the most obvious XSS first, and FrSIRT captured
that fix, but then I found this new variant.  I have a very vague
recollection of testing more obvious XSS when the issue was first
released.

> I just checked the demo web site, it doesn't seem fixed:
> If you follow what Steven M. Christey said, inserting  "
> onmouseover="javascript:alert('hi')" in the search box will work.
> "At the invitation of the vendor to test the demo site, CVE was able to
> verify
> an XSS javascript event variant in the demo page."
> kind regards,
> Siegfried
>
>
> On Fri 12 May 2006 12:44, Fr-SIRT wrote:
> > Hello,
> >
> > This vulnerability exists and has been fixed in an updated 1.5 version.
> >
> > http://www.frsirt.com/english/advisories/2006/1628
> >
> > Regards,
> > Fr-SIRT
> >
>
>
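
The variant discussed in this thread, as an added example that is not part of the original messages or the vendor's code: a filter that only removes script tags and angle brackets leaves the quote-based event-handler input from the thread intact, while attribute-context encoding neutralises it. The search box markup, the field name `q`, and all function names are assumptions made for illustration.

```javascript
// Added illustration. Markup, field name and function names are assumed,
// not taken from the affected product.

// Assumed shape of an incomplete fix: drop <script> tags and angle brackets only.
function stripScriptTags(input) {
  return String(input).replace(/<\/?script[^>]*>/gi, "").replace(/[<>]/g, "");
}

// Context-aware fix: encode every character that can close an attribute
// value or open markup.
function escapeHtmlAttr(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Reflect the search term into the value attribute (assumed page structure).
function renderSearchBox(term, encode) {
  return '<input type="text" name="q" value="' + encode(term) + '">';
}

// Small scanner for one tag: returns the attribute names a browser would see.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, "").replace(/>$/, "");
  const re = /([^\s"'<>\/=]+)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered tag carries any attribute the template did not emit.
function injectsAttribute(term, encode) {
  const expected = new Set(["type", "name", "value"]);
  return attributeNames(renderSearchBox(term, encode)).some((n) => !expected.has(n));
}

// Search-box input quoted in the thread above.
const variant = "\" onmouseover=\"javascript:alert('hi')";

console.log(injectsAttribute(variant, stripScriptTags)); // incomplete fix
console.log(injectsAttribute(variant, escapeHtmlAttr));  // attribute encoding
```

The same check can run as a regression test against rendered templates, so that a fix for one XSS form is not recorded as closing the issue while the attribute-context form still reflects.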

