[VIM] CVE-2006-2642 / OSVDB 25785 - vendor ack

security curmudgeon jericho at attrition.org
Wed Jun 14 03:32:51 EDT 2006


** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or 
actionable details. Cross-site scripting (XSS) vulnerability in Marco M. 
F. De Santis Php-residence 0.6 and earlier allows remote attackers to 
inject arbitrary web script or HTML via "any of its input." NOTE: the 
original disclosure is based on vague researcher claims without vendor 
acknowledgement; therefore this identifier cannot be linked with any 
future identifier that identifies more specific vectors. Perhaps this 
should not be included in CVE.


0.6.1 (31/05/2006)
-security bug: htmlspecialchars for input from normal users when inserted
   in database
