[VIM] CVE-2006-1854 (Bluepay) vendor dispute
Steven M. Christey
coley at linus.mitre.org
Fri May 12 17:26:46 EDT 2006
Following the traditional Friday dispute pattern... I have not
investigated yet.
a r0t production.
- Steve
---------- Forwarded message ----------
Date: Fri, 12 May 2006 15:54:11 -0500
From: Chris Jansen
To: cve at mitre.org
Cc: nvd at nist.gov
Subject: CVE-2006-1854 - Dispute
To Whom it May Concern,
As an authorized representative of Bluepay, Inc, as well as the primary
programmer on the Bluepay staff, I'd like to formally dispute CVE-2006-1854,
which reads as follows:
"Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0
and earlier allow remote attackers to inject arbitrary web script or HTML
during a login action via the (1) Account Name and (2) Username field."
Reference: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1854
I doubt this vulnerability ever existed, but assuming it did exist at some
point, it does not exist currently in the Bluepay 2.0 product.
Please let me know what steps I can take next to have this entry listed as
vendor-disputed, or outright incorrect information.
-Chris Jansen
630-723-4093
Senior Analyst
Bluepay, Inc
184 N Shuman Blvd
Naperville, IL 60563
More information about the VIM
mailing list