Bugtraq mailing list archives
Re: Bosdev Multiple vulnerabilities
From: sales () bosdev com
Date: 13 Nov 2007 00:08:58 -0000
Actually, you've never emailed us. HTML is stripped from posts, with the exception of admin allowed tags. The username XSS issue is already being dealt with in the 6.1 release. Install.php won't do anything, unless you know the username/password/db name for the system. Admins are told to remove the file specifically for the reason listed above. Next time you say you have emailed someone, you might actually try doing it.
Current thread:
- Re: Bosdev Multiple vulnerabilities sales (Nov 13)