| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Re: Phorum HTML Injection Vulnerability |
| From: | brian@phorum.org |
| Date: | 29 Jan 2007 20:22:43 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
I have emailed this reporter about this already. Other than allowing characters such as " and >< in a user name, there is nothing vulnerable about this page. The characters are escaped properly on this page when there is an error. I have asked for more information about this issue both via email and on our own bug tracking system. I have received no reply so far. Phorum 5.1.18 did include a FIX for an XSS issue. But, it does not appear that this reporter is referring to that. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | AdMentor (banners) admin SQL injection, sn0oPy . team |
|---|---|
| Next by Date: | Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, Michał Melewski |
| Previous by Thread: | Phorum HTML Injection Vulnerability, DoZ |
| Next by Thread: | gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability, trzindan |
| Indexes: | [Date] [Thread] [Top] [All Lists] |