Fwd: {Lostmon´s Group} Re: Wowd search client multiple variable xss (solution)
0 views
Skip to first unread message
Lostmon lords
Nov 3, 2009, 4:50:21 AM11/3/09
to moder...@osvdb.org, bu...@securitytracker.com, vu...@securityfocus.com, vu...@secunia.com, submi...@packetstormsecurity.org, ne...@securiteam.com, xfo...@iss.net, Vu...@frsirt.com, bug...@securityfocus.com, los...@googlegroups.com
hello
I receive today this response from word search engine developer
i test the new version of Wowd client ( 1.3.1 ) and this issue
http://lostmon.blogspot.com/2009/10/wowd-search-client-multiple-variable.html
is now solved.
Thnx for your time !!!
---------- Forwarded message ----------
From: Bill York <wmy...@gmail.com>
Date: 2009/11/3
Subject: {Lostmon´s Group} Re: Wowd search client multiple variable xss
To: Lostmon´s Group <los...@googlegroups.com>
I am Bill York, VP of Engineering for Wowd. Thank you for bringing the
cross-site scripting vulnerability to our attention.
The bug created a "non-persistent" cross-site scripting security
vulnerability. We fixed this bug on our web site on October 28, the
day after
it was discovered, and have fixed it in version 1.3.1 of our local
client
application, which was released on Monday, November 2. The update has
been applied to almost all running instances of Wowd. To our
knowledge, no
exploit for this bug was actually attempted and none of our users were
affected. Please contact us at feed...@wowd.com if you have any
questions.
--
atentamente:
Lostmon (los...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
I receive today this response from word search engine developer
i test the new version of Wowd client ( 1.3.1 ) and this issue
http://lostmon.blogspot.com/2009/10/wowd-search-client-multiple-variable.html
is now solved.
Thnx for your time !!!
---------- Forwarded message ----------
From: Bill York <wmy...@gmail.com>
Date: 2009/11/3
Subject: {Lostmon´s Group} Re: Wowd search client multiple variable xss
To: Lostmon´s Group <los...@googlegroups.com>
I am Bill York, VP of Engineering for Wowd. Thank you for bringing the
cross-site scripting vulnerability to our attention.
The bug created a "non-persistent" cross-site scripting security
vulnerability. We fixed this bug on our web site on October 28, the
day after
it was discovered, and have fixed it in version 1.3.1 of our local
client
application, which was released on Monday, November 2. The update has
been applied to almost all running instances of Wowd. To our
knowledge, no
exploit for this bug was actually attempted and none of our users were
affected. Please contact us at feed...@wowd.com if you have any
questions.
--
atentamente:
Lostmon (los...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Reply all
Reply to author
Forward
0 new messages