| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030514174745.9630.qmail@www.securityfocus.com> Date: 14 May 2003 17:47:45 -0000 From: Kier Darby <kier@...lletin.com> To: bugtraq@...urityfocus.com Subject: Re: VBulletin Preview Message - XSS Vuln In-Reply-To: <004b01c319f8$c76cdc90$0b6aaec3@SS> >Message-ID: <004b01c319f8$c76cdc90$0b6aaec3@SS> >From: "Ferruh Mavituna" <ferruh@...ituna.com> >To: <bugtraq@...urityfocus.com> >Subject: VBulletin Preview Message - XSS Vuln >Date: Wed, 14 May 2003 12:11:11 +0300 >------------------------------------------------------ >VBulletin Private Message "Preview Message" XSS Vulnerability >------------------------------------------------------ >Any kind of XSS attacks possibility. > >------------------------------------------------------ >Vendor Status; >------------------------------------------------------ >I can not contact vendor for this issue ! No patch available at the moment; This bug was fixed within ten minutes of our being told about this report. As for claims that the reporter was unable to contact us, I am rather surprised - we have scoured our support ticket system which accepts all email for @vbulletin.com and found nothing, we have all checked our own email and found nothing, so I'm not sure how hard the reporter tried to contact us in actual fact. vBulletin 3 is not yet in public beta, so the number of sites affected will be extremely small, and in any case the fixed version is available for those customers who are part of the private beta to download. Kier Darby Product Manager, vBulletin
Powered by blists - more mailing lists