[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] ColdFusion cross-site scripting security vulnerability of an error page
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] ColdFusion cross-site scripting security vulnerability of an error page
- From: "T.H" <sec@xxxxxxx>
- Date: Tue, 23 Sep 2003 15:55:43 +0900
Thank you for an quick comment.
>as i am sure they will do with yours, as they think XSS is not
>a security issue.
It is the unhappy situation for their ( macromedia's ) customers.
In my case , they ( macromedia ) have said that it was "Important"
rating matter as their security ratings.
http://www.macromedia.com/devnet/security/security_zone/severity_ratings.
html
I think that they got to understand about the danger of XSS.
T.Hara , Scan Security Wire http://www.scan-web.com/ .
http://www.scan-web.com/jvi/index.cgi
>they ( Macromedia ) downplayed this..
>http://nothackers.org/pipermail/0day/2003-June/000028.html
>http://nothackers.org/pipermail/0day/2003-June/000029.html
>http://nothackers.org/pipermail/0day/2003-June/000030.html
>as i am sure they will do with yours, as they think XSS is not
>a security issue.
>
>D. Werner
>CTO E2 Labs Infosec
>http://e2-labs.com
>
>----- Original Message -----
>From: <sec@xxxxxxx>
>To: <full-disclosure@xxxxxxxxxxxxxxxx>
>Sent: Tuesday, September 23, 2003 10:39 AM
>Subject: [Full-Disclosure] ColdFusion cross-site scripting security
>vulnerability of an error page
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html