[VIM] [Change Request] 24264: ConfTool index.php page Variable XSS (fwd)

security curmudgeon jericho at attrition.org
Wed Sep 27 17:28:56 EDT 2006


1.3.1 is the current version based on the demo linked off the vendor page.

---------- Forwarded message ----------
From: Harald Weinreich
To: moderators at osvdb.org
Date: Thu, 21 Sep 2006 20:34:04 +0200
Reply-To: moderators at osvdb.org
Subject: [OSVDB Mods] [Change Request] 24264: ConfTool index.php page Variable
     XSS

Hi,

   I removed that problem about half a year ago. Current versions check
   the page value as well as all outputs are html escaped.

Gruß
Harald Weinreich

-- 
Dipl.-Inform.
Harald Weinreich
Am Papenbrack 1
D-21109 Hamburg
Tel. +49 (0)40 7509079
Fax. +49 (0)40 75062679

mailto:
http://weinreichs.de/

PGP-Key              95FEC271
________________________________________________


More information about the VIM mailing list