[VIM] The disappearing iPostMX 2005 SQL injection issue

Steven M. Christey coley at linus.mitre.org
Mon Jun 19 17:45:10 EDT 2006


On Mon, 19 Jun 2006, security curmudgeon wrote:

> On 2006-06-16, I created two entries in OSVDB for iPostMX cross-site
> scripting issues.
>
> 26522: iPostMX 2005 userlogin.cfm RETURNURL Variable XSS
> 26523: iPostMX 2005 account.cfm RETURNURL Variable XSS
>
> At the time, the pridels advisory contained no mention of SQL injection
> vulnerabilities.

The CVE analyst examined the issue at 8 AM on the 16th.  He's not around,
otherwise I'd ask him where he saw it :)

> Currently, the advisory loads fine for me

Oh, it loads fine, but the front page doesn't load correctly for me -
looks like it's my browser, though.

- Steve


More information about the VIM mailing list