[VIM] [Change Request] 24264: ConfTool index.php page Variable XSS (fwd)
security curmudgeon
jericho at attrition.org
Wed Sep 27 17:28:56 EDT 2006
1.3.1 is the current version based on the demo linked off the vendor page.
---------- Forwarded message ----------
From: Harald Weinreich
To: moderators at osvdb.org
Date: Thu, 21 Sep 2006 20:34:04 +0200
Reply-To: moderators at osvdb.org
Subject: [OSVDB Mods] [Change Request] 24264: ConfTool index.php page Variable
XSS
Hi,
I removed that problem about half a year ago. Current versions check
the page value as well as all outputs are html escaped.
Gruß
Harald Weinreich
--
Dipl.-Inform.
Harald Weinreich
Am Papenbrack 1
D-21109 Hamburg
Tel. +49 (0)40 7509079
Fax. +49 (0)40 75062679
mailto:
http://weinreichs.de/
PGP-Key 95FEC271
________________________________________________
More information about the VIM
mailing list