[VIM] PHPShop 'name_new' Parameter Cross Site Scripting Vulnerability
George A. Theall
theall at tenable.com
Wed Nov 10 14:00:50 CST 2010
FYI: I think Bugtraq id 44763 lists as the vendor www.phpshop.org as
claims version 2.1 EE is affected. If you go to that link, though,
you're redirected to a Google Code project page saying the project is
no longer active and featuring a download for version 0.8.1. There's
no mention in the distribution file for that version of the 'name_new'
parameter.
Rob, how was it you folks at SecurityFocus determined the vendor here?
I don't see it mentioned anywhere in mustlive's post to Bugtraq.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list