[VIM] [Fwd: Speartek XSS vuln.]

jkouns jkouns at opensecurityfoundation.org
Sat Dec 31 02:47:16 EST 2005

I posted a comment on r0t's site asking for more information.
Lets see what happens..

jkouns teica...

Can you confirm which Speartek product is affected? They appear to have 
quite a few different products.

Or is the XSS you are referring to only in the search module on the 
Speaktek website?

security curmudgeon wrote:
> With his 'search module' vulnerabilities, I have wondered this a few 
> times. I'm curious if he is slapping some standard XSS code into the 
> search engine on the main vendor site, then listing the product and 
> version offered as 'vulnerable' without testing them. It's fairly clear he 
> isn't downloading half these products (or any), rather he tests demo sites 
> or the vendor's installation.
> The fact that he doesn't include a script name or variable name is 
> discouraging and really calls into question his ability to find 
> vulnerabilities.

More information about the VIM mailing list