Re: CSS found in Movable Type

ben_at_sixapart.com
Date: 05/12/03

Next message: Dave Palumbo: "XSS In Neoteris IVE Allows Session Hijacking"

Previous message: Jordan Wiens: "Re: CSS found in Movable Type"
Maybe in reply to: DarkHunter: "CSS found in Movable Type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 12 May 2003 21:38:34 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is) In-Reply-To: <20030512182659.16940.qmail@www.securityfocus.com>

Regarding the potential XSS vulnerability discussed in
DarkHunter's message, Movable Type was updated to prevent this
possible exploit on February 13, with the release of version 2.6 of
the sofware. In addition, all of our users were alerted to the
potential of a security issue and urged to update to the newer
version. Our current version is 2.63, downloadable at http://
www.movabletype.org, and it prevents this exploit by default, as
noted by Jordan Wiens in his follow-up message.

Next message: Dave Palumbo: "XSS In Neoteris IVE Allows Session Hijacking"

Previous message: Jordan Wiens: "Re: CSS found in Movable Type"
Maybe in reply to: DarkHunter: "CSS found in Movable Type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]