Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ColdFusion cross-site scripting security vulnerability of an error page

From: "T.H" <sec () v23 org>
Date: Tue, 23 Sep 2003 15:55:43 +0900
Thank you for an quick comment.


as i am sure they will do with yours, as they think XSS is not
a security issue.


It is the unhappy situation for their ( macromedia's ) customers.

In my case , they ( macromedia ) have said that it was "Important" 
rating matter as their security ratings.

http://www.macromedia.com/devnet/security/security_zone/severity_ratings.
html

I think that they got to understand about the danger of XSS.


T.Hara , Scan Security Wire http://www.scan-web.com/ .
http://www.scan-web.com/jvi/index.cgi




they ( Macromedia ) downplayed this..
http://nothackers.org/pipermail/0day/2003-June/000028.html
http://nothackers.org/pipermail/0day/2003-June/000029.html
http://nothackers.org/pipermail/0day/2003-June/000030.html
as i am sure they will do with yours, as they think XSS is not
a security issue.

D. Werner
CTO E2 Labs Infosec
http://e2-labs.com

----- Original Message -----
From: <sec () v23 org>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, September 23, 2003 10:39 AM
Subject: [Full-disclosure] ColdFusion cross-site scripting security
vulnerability of an error page




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: