Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)

From: dxw Security <security () dxw com>
Date: Wed, 12 Aug 2015 12:27:09 +0100
Ah yes - sorry about that. Should indeed be 2015-08-10

I’ve corrected in our published advisory: 
https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/ 
<https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/>

Thanks for letting me know
---
Duncan Stuart (@dgmstuart)

Head of Products, dxw

Exemplary web projects for the public sector

http://dxw.com/
  
07866 936 959
0345 257 7520
skype: dxwduncan


On 12 Aug 2015, at 08:08, Christ van Willegen <cvwillegen () gmail com> wrote:

Hi all,

On Mon, Aug 10, 2015 at 2:16 PM, dxw Security <security () dxw com> wrote:


Timeline
================

2015-07-21: Discovered
2015-07-22: Reported to vendor via email
2015-07-22: Requested CVE
2015-07-10: Vendor confirmed fixed in version 5.4.5
2015-07-10: Published


After the fact, of course, but I guess 2015-08-10 for 'vendor
confirmed' and 'published'?

Christ van Willegen
-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: