[VIM] Helm Control Panel followup
security curmudgeon
jericho at attrition.org
Mon Mar 27 11:22:35 EST 2006
---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: WebHost Automation Ltd <sales at webhostautomation.com>
Date: Mon, 27 Mar 2006 11:22:10 -0500 (EST)
Subject: Re: Your account details (WHA15946)
Hello,
I signed up to be able to mail support a question regarding your product,
but it says that since I don't have a contract I can't do that. Hopefully
you will be able to forward this on to the appropriate people.
Recently, a few security vulnerabilities were reported in one of your
products:
http://pridels.blogspot.com/2006/03/helm-web-hosting-control-panel-xss.html
The above reports says there are some cross-site scripting (XSS) issues in
default.asp. This report says that 3.2.10 is vulnerable but I noticed the
product history lists the following:
http://www.webhostautomation.com/webhost-301
3.2.6
Fixed XSS entry in default page
Can you confirm these are seperate issues? Does this changelog entry note
a previous (but different) cross-site scripting issue?
Thanks,
Brian
More information about the VIM
mailing list