[VIM] About CVE-2005-4481 (dispute) (fwd)
Steven M. Christey
coley at linus.mitre.org
Tue Oct 3 13:15:07 EDT 2006
FYI, I think this was already forwarded here or elsewhere, but just in
---------- Forwarded message ----------
Date: Tue, 03 Oct 2006 15:11:13 +0200
From: "[ISO-8859-1] Jörgen Rydenius"
To: cve at mitre.org
Cc: nvd at nist.gov
Subject: About CVE-2005-4481 (dispute)
Hi. CVE-2005-4481 is concerned with "XSS vulnerability in Polopoly 9 and
earlier". I have some more information about this issue:
1. The XSS flaw described was only part of the custom implementation of
the http://www.polopoly.com/ site. It was never part of any version of
any Polopoly product, nor delivered to any of Polopoly's customers.
2. The XSS flaw that existed (the search form in the upper right corner)
on the www.polopoly.com site has been fixed.
3. When www.polopoly.com had the XSS flaw it was based on Polopoly 8.6.
Polopoly 9.x was never involved what so ever in this issue. And as I
said earlier, the flaw was not part of Polopoly 8.6 either, it was only
in custom implementation code of the www.polopoly.com site.
4. The www.polopoly.com site is not personalized nor permission
controlled, so there was no information of any value to steal by
exploiting the XSS flaw.
Regards, Jörgen Rydenius (Polopoly employee)
Polopoly - Cultivating the information garden
Kungsgatan 88, SE-112 27 Stockholm, SWEDEN
More information about the VIM