[VIM] Vulnerability Summary CVE-2006-2184
Siegfried
admin at zone-h.fr
Fri May 12 16:52:58 EDT 2006
Maybe yes, because they released this version on May 1st, but you
highlighted the fact that it wasn't fixed correctly and it's still
vulnerable. Let's see what the vendor says after the last mail you sent
him; I doubt he can deny it twice and fix it silently.
Siegfried
On Fri, 12 May 2006 21:04, Steven M. Christey wrote:
>
> Maybe the vendor fixed the most obvious XSS first, and FrSIRT captured
> that fix, but then I found this new variant. I have a very vague
> recollection of testing more obvious XSS when the issue was first
> released.
>
>> I just checked the demo web site, it doesn't seem fixed:
>> If you follow what Steven M. Christey said, inserting "
>> onmouseover="javascript:alert('hi')" in the search box will work.
>> "At the invitation of the vendor to test the demo site, CVE was able to
>> verify an XSS javascript event variant in the demo page."
>> kind regards,
>> Siegfried
>>
>>
>> On Fri, 12 May 2006 12:44, Fr-SIRT wrote:
>> > Hello,
>> >
>> > This vulnerability exists and has been fixed in an updated 1.5 version.
>> >
>> > http://www.frsirt.com/english/advisories/2006/1628
>> >
>> > Regards,
>> > Fr-SIRT
>> >
>>
>>
>
--
Zone-H Admin
admin at zone-h.fr
www.zone-h.org
www.zone-h.fr
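
The thread turns on a fix that handles the obvious tag-based XSS while an event-handler variant still works in the search box. The following is an added example, not part of the original messages and not the vendor's code: it assumes a hypothetical search field template and a hypothetical tag-stripping filter, and compares that filter with attribute-context escaping by parsing the rendered markup.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample input, based on the string quoted in the thread.
SEARCH_TERM = "\" onmouseover=\"javascript:alert('hi')"

# Hypothetical template: the real page markup is not shown in the thread.
TEMPLATE = '<input type="text" name="q" value="{}">'


def render_tag_stripping(term):
    """Assumed partial fix: removes <...> tags, leaves quotes untouched."""
    return TEMPLATE.format(re.sub(r"<[^>]*>", "", term))


def render_attribute_escaped(term):
    """Encodes & < > " ' so the term cannot terminate the value attribute."""
    return TEMPLATE.format(html.escape(term, quote=True))


class _InputAttrs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def parsed_attributes(markup):
    """Attributes an HTML parser sees on the rendered <input> element."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def injects_event_handler(markup):
    """True if any attribute name starts with 'on' (an event handler)."""
    return any(name.startswith("on") for name in parsed_attributes(markup))


if __name__ == "__main__":
    for render in (render_tag_stripping, render_attribute_escaped):
        out = render(SEARCH_TERM)
        print(render.__name__, injects_event_handler(out), out)
```

A regression check of this kind, run against each output context where the search term is echoed, shows whether a fix covers the attribute context as well as the tag-based case.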