[VIM] VMware vendor advisory page
Stuart Moore
smoore at securityglobal.net
Thu Dec 29 02:04:40 EST 2005
The wording does sound like XSS because of the "in the browser" part.
VMware uses the same lousy knowledge base system as APC. It doesn't
make the date of the entry really obvious, but after looking at the
URLs, I noticed there is a parameter in the URL called 'p_created' which
has a UNIX timestamp value. It doesn't look like it is the publish
date, but maybe there is typically a delay between entry creation and
publishing. I'm not familiar with the KB system they use.
Stuart
Steven M. Christey wrote:
> The thing that prompted me on this was this:
>
> http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2001
>
> which FRSIRT:ADV-2005-3084 seems to think is XSS although it's not clear
> why.
>
> - Steve
>
More information about the VIM
mailing list