Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: XSS vulnerability in Expression CMS
From: security curmudgeon <jericho () attrition org>
Date: Thu, 16 Dec 2010 18:36:45 -0600 (CST)


: Vulnerability ID: HTB22618
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_expression_cms_1.html
: Product: Expression 
: Vendor: Backbone Technology ( http://www.backbonetechnology.com ) 
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions

How do you know you tested a current version? The vendor web site does not 
list a current version on the page:

http://www.backbonetechnology.com/expression/

They do not appear to offer a demo, and it seemingly requires a 
consultation to purchase. They do list who is running it:

http://www.backbonetechnology.com/portfolio/

Did you test one of their customers' live sites to find this 
vulnerability? If so, again, how do you not know the version you tested? 


  By Date           By Thread  

Current thread:
  • Re: XSS vulnerability in Expression CMS security curmudgeon (Dec 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault