[VIM] Legitimate spelling diffs in Claroline report; XSS unfixed?
jericho at attrition.org
Sun May 8 02:36:28 EDT 2005
: BUGTRAQ:20050427 ZRCSA-200501 - Multiple vulnerabilities in Claroline
: The reporters list "exercise_result.php" and "exercice_submit.php",
: which might suggest a spelling discrepancy or typo ("exercise"
: vs. "exercice") but the CVS logs for Claroline indicate that this
: discrepancy is legit:
: The CVS log for exercise_result.php does not include any recent mods
: that specifically mention XSS, nor do the changes show typical XSS
: protections, and yet it is mentioned by the original researchers as an
: attack vector. Possibly a library problem?
I had held off splitting this out on OSVDB so I could examine the
changelog and other vendor information.
I'll add this to my to-do list and may end up waiting this out a bit more
until I can find more confirmation.