[VIM] Legitimate spelling diffs in Claroline report; XSS unfixed?
Steven M. Christey
coley at mitre.org
Mon May 2 17:08:44 EDT 2005

BUGTRAQ:20050427 ZRCSA-200501 - Multiple vulnerabilities in Claroline

The reporters list "exercise_result.php" and "exercice_submit.php",
which might suggest a spelling discrepancy or typo ("exercise"
vs. "exercice") but the CVS logs for Claroline indicate that this
discrepancy is legit:

The CVS log for exercise_result.php does not include any recent mods
that specifically mention XSS, nor do the changes show typical XSS
protections, and yet it is mentioned by the original researchers as an
attack vector. Possibly a library problem?