BugTraq
Back to list
|
Post reply
XSS vulnerability in Expression CMS
Oct 08 2010 02:21PM
advisory htbridge ch
(1 replies)
Re: XSS vulnerability in Expression CMS
Dec 17 2010 12:36AM
security curmudgeon (jericho attrition org)
: Vulnerability ID: HTB22618
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_expression_cms_1.ht
ml
: Product: Expression
: Vendor: Backbone Technology ( http://www.backbonetechnology.com )
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
How do you know you tested a current version? The vendor web site does not
list a current version on the page:
http://www.backbonetechnology.com/expression/
They do not appear to offer a demo, and it seemingly requires a
consultation to purchase. They do list who is running it:
http://www.backbonetechnology.com/portfolio/
Did you test one of their customers' live sites to find this
vulnerability? If so, again, how do you not know the version you tested?
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
: Vulnerability ID: HTB22618
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_expression_cms_1.ht
ml
: Product: Expression
: Vendor: Backbone Technology ( http://www.backbonetechnology.com )
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions
How do you know you tested a current version? The vendor web site does not
list a current version on the page:
http://www.backbonetechnology.com/expression/
They do not appear to offer a demo, and it seemingly requires a
consultation to purchase. They do list who is running it:
http://www.backbonetechnology.com/portfolio/
Did you test one of their customers' live sites to find this
vulnerability? If so, again, how do you not know the version you tested?
[ reply ]