[VIM] CVE-2006-1854 (Bluepay) vendor dispute

Steven M. Christey coley at linus.mitre.org
Fri May 12 17:26:46 EDT 2006

Following the traditional Friday dispute pattern...  I have not
investigated yet.

a r0t production.

- Steve

---------- Forwarded message ----------
Date: Fri, 12 May 2006 15:54:11 -0500
From: Chris Jansen
To: cve at mitre.org
Cc: nvd at nist.gov
Subject: CVE-2006-1854 - Dispute

To Whom it May Concern,

  As an authorized representative of Bluepay, Inc, as well as the primary
programmer on the Bluepay staff, I'd like to formally dispute CVE-2006-1854,
which reads as follows:

"Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0
and earlier allow remote attackers to inject arbitrary web script or HTML
during a login action via the (1) Account Name and (2) Username field."

Reference: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1854

I doubt this vulnerability ever existed, but assuming it did exist at some
point, it does not exist currently in the Bluepay 2.0 product.

Please let me know what steps I can take next to have this entry listed as
vendor-disputed, or outright incorrect information.

-Chris Jansen

Senior Analyst
Bluepay, Inc
184 N Shuman Blvd
Naperville, IL 60563

More information about the VIM mailing list