Full Disclosure mailing list archives
Re: posting xss notifications in sites vs software packages
From: Luis Santana <hacktalkblog () gmail com>
Date: Wed, 8 Feb 2012 08:55:37 -0500
Typically you will run into instances where a website is employing a custom CMS/plugin/module/whatever and as such there may not be a specific software to call out as the one at fault. It's like finding an XSS in Microsoft, 99% chance they are running their own custom CMS so at that point you are just left with saying that Microsoft is vulnerable to XSS as there is no name to the software at hand. On Tue, Feb 7, 2012 at 6:18 PM, b <b () advisoryalerts com> wrote:
What is the point of posting notifications of XSS vulnerabilities in specific web sites instead of alerts of xss vulns in specific software packages? This question was prompted by all the postings by that vulnerability lab stuff. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- posting xss notifications in sites vs software packages b (Feb 08)
- Re: posting xss notifications in sites vs software packages Luis Santana (Feb 08)
- Re: posting xss notifications in sites vs software packages Packet Storm (Feb 08)
- Re: posting xss notifications in sites vs software packages Info (Feb 08)
- Re: posting xss notifications in sites vs software packages Valdis . Kletnieks (Feb 08)
- Re: posting xss notifications in sites vs software packages Luis Santana (Feb 08)
- Re: posting xss notifications in sites vs software packages Info (Feb 10)
- Re: posting xss notifications in sites vs software packages Info (Feb 08)
- Re: posting xss notifications in sites vs software packages Greg Knaddison (Feb 08)