[VIM] [Fwd: [OSVDB Mods] [Change Request] 22068: Speartek Search Module XSS]

[jkouns]

-------- Original Message --------
Subject: [OSVDB Mods] [Change Request] 22068: Speartek Search Module XSS
Date: Tue, 07 Nov 2006 10:59:17 -0500
From: Jesse Heady <jheady at speartek.com>
Reply-To: moderators at osvdb.org
To: moderators at osvdb.org

This is an official Speartek response to this posted XSS vulnerability.
We are aware of numerous existing script vulnerabilities and exploits
and stand by the security of our system and our ability to address
these.  This particular exploit is not particularly serious as no
sensitive or private user information is ever held within cookies during
our checkout process.  All user information and client information is
secure in our platform.  We take all security threats quite seriously
and view the efforts of the author of this particular exploit as harmful
to our professional image.  This is especially important to note because
the particular script vulnerability that has been raised poses no real
threat to the stability or security of our systems.  Again, we are
formally responding to this posted cross-site script vulnerability to
communicate that we take all such potential security issues very
seriously and this particular issue has been addressed.  Thank you.

-- 
Jesse Heady
Website Development & Support,
SpearTek, Inc.