[pmwiki-devel] Real vulnerability?
Petko Yotov
5ko at free.fr
Sun May 9 18:45:06 CDT 2010
On Sunday 09 May 2010 23:33:20, kirpi at kirpi.it wrote :
> Just found: http://twitter.com/mushy99/statuses/13634155996
> Is it of any interest?
>
Indeed, that's a way to insert potentially harmful JavaScripts in the page. I
have immediately fixed it and just released version 2.2.16.
The report says:
2010-04-19: Vendor contacted
The vendor has been contacted, but has not replied to my report.
I assume that they e-mailed to Patrick but unfortunately he didn't notice or
was too busy to forward the report to me.
Thanks,
Petko
More information about the pmwiki-devel
mailing list