[VIM] 22068: Speartek Search Module XSS (fwd)

security curmudgeon jericho at attrition.org
Wed Aug 30 22:48:53 EDT 2006



---------- Forwarded message ----------
From: Danny DuVal
To: moderators at osvdb.org
Date: Wed, 30 Aug 2006 16:57:23 -0400
Reply-To: moderators at osvdb.org
Subject: [OSVDB Mods] [Change Request] 22068: Speartek Search Module XSS

To whom it may concern:

    Regarding http://www.osvdb.org/22068, we are in the process of addressing 
this and closing the hole that is claimed.  While XSS can be executed on 
certain things such as search pages, things such as login scripts are not 
susceptible to XSS injections.  Even though cookies don't store any user 
pertinent information we do desire to not have links such as the one above 
appear immediately after our search results.
   If someone could connect me with someone I could coordinate with once a 
working solution is up and running so that a solution can be verified I would 
very much appreciate it.

Thank you,
Danny DuVal
Application Developer
Speartek, Inc

