[VIM] vendor dispute of CVE-2005-3066 (fwd)
Steven M. Christey
coley at linus.mitre.org
Wed Nov 2 20:17:35 EST 2005
On Wed, 2 Nov 2005, Stuart Moore wrote:
> This vendor does not understand XSS, stating that it is only a problem
> when a product *stores* information :-(
> I confirmed the bug in 2.01.
> Perhaps some education is in order ...
I mentioned reflected XSS and pointed them to the OWASP Top Ten
description of it. We'll see what happens next.
I neglected to tell them how Donnie Werner is frequently right, but I'm
not sure it would have been helpful.
More information about the VIM