Full Disclosure mailing list archives
Re: ColdFusion cross-site scripting security vulnerability of an error page
From: "T.H" <sec () v23 org>
Date: Tue, 23 Sep 2003 15:55:43 +0900
Thank you for an quick comment.
as i am sure they will do with yours, as they think XSS is not a security issue.
It is the unhappy situation for their ( macromedia's ) customers. In my case , they ( macromedia ) have said that it was "Important" rating matter as their security ratings. http://www.macromedia.com/devnet/security/security_zone/severity_ratings. html I think that they got to understand about the danger of XSS. T.Hara , Scan Security Wire http://www.scan-web.com/ . http://www.scan-web.com/jvi/index.cgi
they ( Macromedia ) downplayed this.. http://nothackers.org/pipermail/0day/2003-June/000028.html http://nothackers.org/pipermail/0day/2003-June/000029.html http://nothackers.org/pipermail/0day/2003-June/000030.html as i am sure they will do with yours, as they think XSS is not a security issue. D. Werner CTO E2 Labs Infosec http://e2-labs.com ----- Original Message ----- From: <sec () v23 org> To: <full-disclosure () lists netsys com> Sent: Tuesday, September 23, 2003 10:39 AM Subject: [Full-disclosure] ColdFusion cross-site scripting security vulnerability of an error page
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ColdFusion cross-site scripting security vulnerability of an error page sec (Sep 22)
- Re: ColdFusion cross-site scripting security vulnerability of an error page morning_wood (Sep 23)
- Re: ColdFusion cross-site scripting security vulnerability of an error page T.H (Sep 23)
- Re: ColdFusion cross-site scripting security vulnerability of an error page morning_wood (Sep 23)