BugTraq
Back to list
|
Post reply
Re: VBulletin Preview Message - XSS Vuln
May 14 2003 05:47PM
Kier Darby (kier vbulletin com)
In-Reply-To: <004b01c319f8$c76cdc90$0b6aaec3@SS>
>Message-ID: <004b01c319f8$c76cdc90$0b6aaec3@SS>
>From: "Ferruh Mavituna" <ferruh (at) mavituna (dot) com [email concealed]>
>To: <bugtraq (at) securityfocus (dot) com [email concealed]>
>Subject: VBulletin Preview Message - XSS Vuln
>Date: Wed, 14 May 2003 12:11:11 +0300
>------------------------------------------------------
>VBulletin Private Message "Preview Message" XSS Vulnerability
>------------------------------------------------------
>Any kind of XSS attacks possibility.
>
>------------------------------------------------------
>Vendor Status;
>------------------------------------------------------
>I can not contact vendor for this issue ! No patch available at the
moment;
This bug was fixed within ten minutes of our being told about this report.
As for claims that the reporter was unable to contact us, I am rather
surprised - we have scoured our support ticket system which accepts all
email for @vbulletin.com and found nothing, we have all checked our own
email and found nothing, so I'm not sure how hard the reporter tried to
contact us in actual fact.
vBulletin 3 is not yet in public beta, so the number of sites affected
will be extremely small, and in any case the fixed version is available
for those customers who are part of the private beta to download.
Kier Darby
Product Manager, vBulletin
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
>Message-ID: <004b01c319f8$c76cdc90$0b6aaec3@SS>
>From: "Ferruh Mavituna" <ferruh (at) mavituna (dot) com [email concealed]>
>To: <bugtraq (at) securityfocus (dot) com [email concealed]>
>Subject: VBulletin Preview Message - XSS Vuln
>Date: Wed, 14 May 2003 12:11:11 +0300
>------------------------------------------------------
>VBulletin Private Message "Preview Message" XSS Vulnerability
>------------------------------------------------------
>Any kind of XSS attacks possibility.
>
>------------------------------------------------------
>Vendor Status;
>------------------------------------------------------
>I can not contact vendor for this issue ! No patch available at the
moment;
This bug was fixed within ten minutes of our being told about this report.
As for claims that the reporter was unable to contact us, I am rather
surprised - we have scoured our support ticket system which accepts all
email for @vbulletin.com and found nothing, we have all checked our own
email and found nothing, so I'm not sure how hard the reporter tried to
contact us in actual fact.
vBulletin 3 is not yet in public beta, so the number of sites affected
will be extremely small, and in any case the fixed version is available
for those customers who are part of the private beta to download.
Kier Darby
Product Manager, vBulletin
[ reply ]