Re: CSS found in Movable Type

From: benat_private
Date: Mon May 12 2003 - 14:38:34 PDT

Next message: Dave Palumbo: "XSS In Neoteris IVE Allows Session Hijacking"

Previous message: sharpiemarkerat_private: "Snitz Forum 3.3.03 Remote Command Execution"
Maybe in reply to: DarkHunter: "CSS found in Movable Type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <20030512182659.16940.qmailat_private> Regarding the potential XSS vulnerability discussed in DarkHunter's message, Movable Type was updated to prevent this possible exploit on February 13, with the release of version 2.6 of the sofware. In addition, all of our users were alerted to the potential of a security issue and urged to update to the newer version. Our current version is 2.63, downloadable at http:// www.movabletype.org, and it prevents this exploit by default, as noted by Jordan Wiens in his follow-up message.

Next message: Dave Palumbo: "XSS In Neoteris IVE Allows Session Hijacking"
Previous message: sharpiemarkerat_private: "Snitz Forum 3.3.03 Remote Command Execution"
Maybe in reply to: DarkHunter: "CSS found in Movable Type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 12 2003 - 22:27:03 PDT