[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)
- To: Christ van Willegen <cvwillegen@xxxxxxxxx>
- Subject: Re: [FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)
- From: dxw Security <security@xxxxxxx>
- Date: Wed, 12 Aug 2015 12:27:09 +0100
Ah yes - sorry about that. Should indeed be 2015-08-10
I’ve corrected in our published advisory:
https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/
<https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/>
Thanks for letting me know
---
Duncan Stuart (@dgmstuart)
Head of Products, dxw
Exemplary web projects for the public sector
http://dxw.com/
07866 936 959
0345 257 7520
skype: dxwduncan
> On 12 Aug 2015, at 08:08, Christ van Willegen <cvwillegen@xxxxxxxxx> wrote:
>
> Hi all,
>
> On Mon, Aug 10, 2015 at 2:16 PM, dxw Security <security@xxxxxxx> wrote:
>>
>> Timeline
>> ================
>>
>> 2015-07-21: Discovered
>> 2015-07-22: Reported to vendor via email
>> 2015-07-22: Requested CVE
>> 2015-07-10: Vendor confirmed fixed in version 5.4.5
>> 2015-07-10: Published
>
> After the fact, of course, but I guess 2015-08-10 for 'vendor
> confirmed' and 'published'?
>
> Christ van Willegen
> --
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/