Fwd: {Lostmonґs Group} Re: Wowd search client multiple variable xss (solution)

Type securityvulns
Reporter Securityvulns
Modified 2009-11-05T00:00:00


hello I receive today this response from word search engine developer i test the new version of Wowd client ( 1.3.1 ) and this issue http://lostmon.blogspot.com/2009/10/wowd-search-client-multiple-variable.html is now solved.

Thnx for your time !!!

---------- Forwarded message ---------- From: Bill York <wmyork@gmail.com> Date: 2009/11/3 Subject: {Lostmon´s Group} Re: Wowd search client multiple variable xss To: Lostmon´s Group <lostmon@googlegroups.com>

I am Bill York, VP of Engineering for Wowd. Thank you for bringing the cross-site scripting vulnerability to our attention.

The bug created a "non-persistent" cross-site scripting security vulnerability. We fixed this bug on our web site on October 28, the day after it was discovered, and have fixed it in version 1.3.1 of our local client application, which was released on Monday, November 2. The update has been applied to almost all running instances of Wowd. To our knowledge, no exploit for this bug was actually attempted and none of our users were affected. Please contact us at feedback@wowd.com if you have any questions.

--~--~---------~--~----~------------~-------~--~----~ Has recibido este mensaje porque estás suscrito a Grupo "Lostmon´s Group" de Grupos de Google.  Si quieres publicar en este grupo, envía un mensaje de correo electrónico a lostmon@googlegroups.com  Para anular la suscripción a este grupo, envía un mensaje a lostmon+unsubscribe@googlegroups.com  Para obtener más opciones, visita este grupo en http://groups.google.com/group/lostmon?hl=es.


-- atentamente: Lostmon (lostmon@gmail.com) Web-Blog: http://lostmon.blogspot.com/ Google group: http://groups.google.com/group/lostmon (new) -- La curiosidad es lo que hace mover la mente....