[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] XSS and CS vulnerabilities in aCMS

To: MustLive <mustlive@xxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] XSS and CS vulnerabilities in aCMS
From: Henri Salo <henri@xxxxxxx>
Date: Thu, 1 Aug 2013 17:41:41 +0300

On Thu, Aug 01, 2013 at 04:11:31PM +0300, MustLive wrote:
> ------------
> Timeline:
> ------------
> 
> 2013.03.04 - informed developers about part of the vulnerabilities.
> 2013.04.03 - informed developers about another part of the vulnerabilities.
> 2013.04.07 - informed developers about another part of the vulnerabilities.
> 2013.05.24 - announced at my site.
> 2013.05.25 - informed developers about another part of the vulnerabilities.
> 2013.05.26 - informed developers about another part of the
> vulnerabilities. In all cases the developers just ignored all
> messages via different e-mails and contact form.
> 2013.07.31 - disclosed at my site (http://websecurity.com.ua/6535/).

How did vendor ignore you in 2013.05.26 entry exactly?

---
Henri Salo

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] XSS and CS vulnerabilities in aCMS
  - From: MustLive

Prev by Date: Re: [Full-disclosure] XKeyscore sees 'nearly EVERYTHING you do online
Next by Date: Re: [Full-disclosure] XKeyscore sees 'nearly EVERYTHING you do online
Previous by thread: [Full-disclosure] XSS and CS vulnerabilities in aCMS
Next by thread: [Full-disclosure] Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
Index(es):
- Date
- Thread