| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LNX.2.00.1012161831390.10111@forced.attrition.org> Date: Thu, 16 Dec 2010 18:36:45 -0600 (CST) From: security curmudgeon <jericho@...rition.org> To: advisory@...ridge.ch Cc: bugtraq@...urityfocus.com Subject: Re: XSS vulnerability in Expression CMS : Vulnerability ID: HTB22618 : Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_expression_cms_1.html : Product: Expression : Vendor: Backbone Technology ( http://www.backbonetechnology.com ) : Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions How do you know you tested a current version? The vendor web site does not list a current version on the page: http://www.backbonetechnology.com/expression/ They do not appear to offer a demo, and it seemingly requires a consultation to purchase. They do list who is running it: http://www.backbonetechnology.com/portfolio/ Did you test one of their customers' live sites to find this vulnerability? If so, again, how do you not know the version you tested?
Powered by blists - more mailing lists