[VIM] PHPShop 'name_new' Parameter Cross Site Scripting Vulnerability

George A. Theall theall at tenable.com
Wed Nov 10 14:00:50 CST 2010

FYI: I think Bugtraq id 44763 lists as the vendor www.phpshop.org as  
claims version 2.1 EE is affected. If you go to that link, though,  
you're redirected to a Google Code project page saying the project is  
no longer active and featuring a download for version 0.8.1. There's  
no mention in the distribution file for that version of the 'name_new'  

Rob, how was it you folks at SecurityFocus determined the vendor here?  
I don't see it mentioned anywhere in mustlive's post to Bugtraq.

theall at tenablesecurity.com

More information about the VIM mailing list