[Full-disclosure] VHCS 2.x HTTP Error Cross Site Scripting
Moritz Naumann
security at moritz-naumann.com
Thu Nov 24 17:04:22 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
InfoSecBOFH schrieb:
> Cool... so give me a real world attack scenario with this....
How to inject arbitrary client side code into this application using
this vulnerability is explained in the advisory. Web links to additional
sources explaining XSS are provided, too.
I do not think there is a requirement to provide proof that a
vulnerability is exploitable to publish it. At least, I can't find this
on the Full Disclosure charter.
If you need more information on this vulnerability, I propose you
aggregate it yourself, hire us or convince me to provide it for free.
Moritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDhfKWn6GkvSd/BgwRAjgoAJ0ctvWyFsC3C3fKCWGtPy4LNua5hQCeOIj/
G3ihCWhGUciVfT689HzzP+Y=
=kO8I
-----END PGP SIGNATURE-----
Full-Disclosure is hosted and sponsored by Secunia.