Message-ID: <89C3819FB4E7FEsec@v23.org>
From: sec at v23.org (T.H)
Subject: ColdFusion cross-site scripting security vulnerability of an error page

Thank you for a quick comment.

>as i am sure they will do with yours, as they think XSS is not
>a security issue.

It is an unhappy situation for their (Macromedia's) customers.

In my case, they (Macromedia) have said that it was an "Important"
rating matter in their security ratings.

http://www.macromedia.com/devnet/security/security_zone/severity_ratings.html

I think that they got to understand about the danger of XSS.


T.Hara , Scan Security Wire http://www.scan-web.com/ .
http://www.scan-web.com/jvi/index.cgi



>they ( Macromedia ) downplayed this..
>http://nothackers.org/pipermail/0day/2003-June/000028.html
>http://nothackers.org/pipermail/0day/2003-June/000029.html
>http://nothackers.org/pipermail/0day/2003-June/000030.html
>as i am sure they will do with yours, as they think XSS is not
>a security issue.
>
>D. Werner
>CTO E2 Labs Infosec
>http://e2-labs.com
>
>----- Original Message -----
>From: <sec@....org>
>To: <full-disclosure@...ts.netsys.com>
>Sent: Tuesday, September 23, 2003 10:39 AM
>Subject: [Full-Disclosure] ColdFusion cross-site scripting security
>vulnerability of an error page
>
>

