[VIM] OpenEdit XSS vendor dispute

security curmudgeon jericho at attrition.org
Sat Dec 24 13:03:54 UTC 2005


http://pridels.blogspot.com/2005/12/openedit-xss-vuln.html

1 Comments:

Anonymous teica...

     Hi There, I am the author of OpenEdit and I wanted to clarify. The 
page variable is just the page number. So it lets you jump from page 1 to 
page 100. If you pass in page -1 it will just generate an error. It is not 
a problem.
     The oe-action is possibly more of a concern but we check for a user being 
logged in on most dangerous actions. So this is not considered a security 
problem either.

     8:29 PM

