[VIM] CVE-2006-2642 / OSVDB 25785 - vendor ack
jericho at attrition.org
Wed Jun 14 03:32:51 EDT 2006
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or
actionable details. Cross-site scripting (XSS) vulnerability in Marco M.
F. De Santis Php-residence 0.6 and earlier allows remote attackers to
inject arbitrary web script or HTML via "any of its input." NOTE: the
original disclosure is based on vague researcher claims without vendor
acknowledgement; therefore this identifier cannot be linked with any
future identifier that identifies more specific vectors. Perhaps this
should not be included in CVE.
-security bug: htmlspecialchars for input from normal users when inserted