[VIM] [Fwd: Speartek XSS vuln.]
jkouns
jkouns at opensecurityfoundation.org
Sat Dec 31 02:47:16 EST 2005
I posted a comment on r0t's site asking for more information.
Lets see what happens..
--Jake
jkouns teica...
Can you confirm which Speartek product is affected? They appear to have
quite a few different products.
Or is the XSS you are referring to only in the search module on the
Speaktek website?
http://www.speartek.com/Content/453.htm
security curmudgeon wrote:
> With his 'search module' vulnerabilities, I have wondered this a few
> times. I'm curious if he is slapping some standard XSS code into the
> search engine on the main vendor site, then listing the product and
> version offered as 'vulnerable' without testing them. It's fairly clear he
> isn't downloading half these products (or any), rather he tests demo sites
> or the vendor's installation.
>
> The fact that he doesn't include a script name or variable name is
> discouraging and really calls into question his ability to find
> vulnerabilities.
More information about the VIM
mailing list