[VIM] vendor dispute of CVE-2005-3066 (fwd)

Steven M. Christey coley at linus.mitre.org
Wed Nov 2 20:17:35 EST 2005

On Wed, 2 Nov 2005, Stuart Moore wrote:

> This vendor does not understand XSS, stating that it is only a problem
> when a product *stores* information :-(
> I confirmed the bug in 2.01.
> Perhaps some education is in order ...

I mentioned reflected XSS and pointed them to the OWASP Top Ten
description of it.  We'll see what happens next.

I neglected to tell them how Donnie Werner is frequently right, but I'm
not sure it would have been helpful.

- Steve

More information about the VIM mailing list