Re: [Full-Disclosure] ColdFusion cross-site scripting security vulnerability of an error page

From: T.H (sec_at_v23.org)
Date: 09/23/03

  • Next message: felix.roennebeck_at_gaussvip.com: "Re: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new" 
    To: full-disclosure@lists.netsys.com
Date: Tue, 23 Sep 2003 15:55:43 +0900

    Thank you for an quick comment.

    >as i am sure they will do with yours, as they think XSS is not
    >a security issue.

    It is the unhappy situation for their ( macromedia's ) customers.

    In my case , they ( macromedia ) have said that it was "Important"
    rating matter as their security ratings.

    http://www.macromedia.com/devnet/security/security_zone/severity_ratings.
    html

    I think that they got to understand about the danger of XSS.

    T.Hara , Scan Security Wire http://www.scan-web.com/ .
    http://www.scan-web.com/jvi/index.cgi

    >they ( Macromedia ) downplayed this..
    >http://nothackers.org/pipermail/0day/2003-June/000028.html
    >http://nothackers.org/pipermail/0day/2003-June/000029.html
    >http://nothackers.org/pipermail/0day/2003-June/000030.html
    >as i am sure they will do with yours, as they think XSS is not
    >a security issue.
    >
    >D. Werner
    >CTO E2 Labs Infosec
    >http://e2-labs.com
    >
    >----- Original Message -----
    >From: <sec@v23.org>
    >To: <full-disclosure@lists.netsys.com>
    >Sent: Tuesday, September 23, 2003 10:39 AM
    >Subject: [Full-Disclosure] ColdFusion cross-site scripting security
    >vulnerability of an error page
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: felix.roennebeck_at_gaussvip.com: "Re: [Full-Disclosure] Verisign abusing .COM/.NET monopoly, BIND releases new"

    Relevant Pages