[pmwiki-devel] Real vulnerability?
Oliver Betz
list_ob at gmx.net
Mon May 10 01:47:51 CDT 2010
Petko Yotov wrote:
>Indeed, that's a way to insert potentially harmful JavaScripts in the page. I
>have immediately fixed it and just released version 2.2.16.
thanks for the quick patch!
>The report says:
> 2010-04-19: Vendor contacted
> The vendor has been contacted, but has not replied to my report.
>
>I assume that they e-mailed to Patrick but unfortunately he didn't notice or
>was too busy to forward the report to me.
http://www.hboeck.de/ shows Hanno's mail address - maybe you can
contact him?
Also Secunia should be informed about the patch since
http://secunia.com/advisories/product/6195/ shows still "unpatched".
Oliver
More information about the pmwiki-devel
mailing list