[VIM] PHPShop 'name_new' Parameter Cross Site Scripting Vulnerability

rkeith rkeith at securityfocus.com
Wed Nov 10 16:00:40 CST 2010

Hey George,

Looks like the vendor is phpshop.ru. We will have the BID updated.


On 11/10/2010 01:00 PM, George A. Theall wrote:
> FYI: I think Bugtraq id 44763 lists as the vendor www.phpshop.org as
> claims version 2.1 EE is affected. If you go to that link, though,
> you're redirected to a Google Code project page saying the project is no
> longer active and featuring a download for version 0.8.1. There's no
> mention in the distribution file for that version of the 'name_new'
> parameter.
> Rob, how was it you folks at SecurityFocus determined the vendor here? I
> don't see it mentioned anywhere in mustlive's post to Bugtraq.
> George

More information about the VIM mailing list