[VIM] Legitimate spelling diffs in Claroline report; XSS unfixed?

Steven M. Christey coley at mitre.org
Mon May 2 17:08:44 EDT 2005


 BUGTRAQ:20050427 ZRCSA-200501 - Multiple vulnerabilities in Claroline

The reporters list "exercise_result.php" and "exercice_submit.php",
which might suggest a spelling discrepancy or typo ("exercise"
vs. "exercice") but the CVS logs for Claroline indicate that this
discrepancy is legit:


The CVS log for exercise_result.php does not include any recent mods
that specifically mention XSS, nor do the changes show typical XSS
protections, and yet it is mentioned by the original researchers as an
attack vector.  Possibly a library problem?

- Steve
