| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Aug 2015 12:34:58 +0200 From: "Curesec Research Team (CRT)" <crt@...esec.com> To: fulldisclosure@...lists.org Subject: Re: [FD] ModX Revolution 2.3.5 - Reflected XSS - Fixed Versions Released Update: CRT was informed that a fixed version of ModX Revolution was released on 08/18/2015. Updated parts of the advisory: ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability Security Advisory – Curesec Research Team 1. Introduction Affected Product: ModX Revolution 2.3.5-pl Fixed in: 2.4.0 and 2.3.6 Fixed Version Link: http://modx.com/download/direct/modx-2.4.0-pl.zip Vendor Contact: hello@...x.com Vulnerability Type: Reflected XSS Remote Exploitable: Yes Reported to vendor: 07/14/2015 Disclosed to public: 08/17/2015 Release mode: Full disclosure CVE: n/a Credits Tim Coen of Curesec GmbH [...] 5. Report Timeline 07/14/2015 Informed Vendor about Issue (no reply) 08/13/2015 Contacted Vendor again (no reply) 08/17/2015 Disclosed to public 08/18/2015 Vendor releases fixed versions 2.4.0 and 2.3.6 6. Blog Reference: http://blog.curesec.com/article/blog/ModX-Revolution-235-pl-Reflected-Cross-Site-Scripting-Vulnerability-43.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists