Message-Id: <75A45B1B-FE0F-4207-B49B-5B194B31CBD9@dxw.com>
Date: Wed, 12 Aug 2015 12:27:09 +0100
From: dxw Security <security@....com>
To: Christ van Willegen <cvwillegen@...il.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Stored XSS in Google Analytics by Yoast Premium allows
	privileged users to attack other users (WordPress plugin)

Ah yes - sorry about that. Should indeed be 2015-08-10

I’ve corrected in our published advisory: https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/

Thanks for letting me know
---
Duncan Stuart (@dgmstuart)

Head of Products, dxw

Exemplary web projects for the public sector

http://dxw.com/
  
07866 936 959
0345 257 7520
skype: dxwduncan

> On 12 Aug 2015, at 08:08, Christ van Willegen <cvwillegen@...il.com> wrote:
> 
> Hi all,
> 
> On Mon, Aug 10, 2015 at 2:16 PM, dxw Security <security@....com> wrote:
>> 
>> Timeline
>> ================
>> 
>> 2015-07-21: Discovered
>> 2015-07-22: Reported to vendor via email
>> 2015-07-22: Requested CVE
>> 2015-07-10: Vendor confirmed fixed in version 5.4.5
>> 2015-07-10: Published
> 
> After the fact, of course, but I guess 2015-08-10 for 'vendor
> confirmed' and 'published'?
> 
> Christ van Willegen
> -- 
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
