[VIM] vendor ack/fix: Actinic Catalog Unspecified .pl Files XSS (fwd)

security curmudgeon jericho at attrition.org
Thu Jul 20 10:26:11 EDT 2006

---------- Forwarded message ----------
From: Bruce Townsend
To: moderators at osvdb.org
Cc: 'David Eldridge - Actinic Ecommerce solutions'
Date: Thu, 20 Jul 2006 12:00:01 +0100
Reply-To: moderators at osvdb.org
Subject: [OSVDB Mods] [Change Request] 27095: Actinic Catalog Unspecified .pl
     Files XSS


It has been pointed out to me that you are currently presenting incorrect
information on four of your web pages about security vulnerabilities in
Actinic Catalog:

'Currently, there are no known upgrades, patches, or workarounds available
to correct this issue.'

These security loopholes, which all relate to cross-site scripting, were
closed in a subsequent release. The fix is to upgrade to the latest version,
currently v7.0.6.

The other IDs affected are 27096, 27097 and 27098.

I would be grateful if these could be corrected.

Best regards

Bruce Townsend
Actinic Software Limited
www.actinic.co.uk <http://www.actinic.co.uk/>

* Market-leading ecommerce software for small and medium businesses
* Professional ecommerce tools for web designers

   Globe House, Lavender Park Road, West Byfleet, Surrey, KT14 6ND, UK
   Tel: 0845 129 4800  |  Fax: 01932 358341
