[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XSS vulnerability in CompuCMS

To: advisory@xxxxxxxxxxx
Subject: Re: XSS vulnerability in CompuCMS
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Tue, 28 Sep 2010 18:50:43 -0500 (CDT)

: Vulnerability ID: HTB22584
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_compucms.html
: Product: CompuCMS  
: Vendor: CompuSoft A/S ( http://www.compusoft.dk/ ) 
: Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions

Once again, you assign a "version" based on a date, not an actual product 
version. Your language of "probably prior versions" indicates that you 
don't even realize what you are testing, and can't figure out the basics 
of the software.

According to the vendor:
http://www.compusoft.dk/index.asp?mode=produkt!compucms

This is a service, not a product. In the future, please indicate this in 
your advisories.

Prev by Date: [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference
Next by Date: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS
Previous by thread: [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference
Next by thread: Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS
Index(es):
- Date
- Thread