[WEB SECURITY] XSS Vulnerability Notification and Disclosure
webappsec at cjmarsh.com
webappsec at cjmarsh.com
Wed Aug 10 16:47:36 EDT 2005
All
> Chris - try and contact them directly via phone. You have no
> way of knowing whether the email was bounced or caught in a
> filter somewhere. If you can't reach them by phone try
> posting to their forum asking someone to contact you
> regarding a security vulnerability with the site, without
> actually disclosing the details.
Many thanks to all who responded. Earlier on today I was contacted regarding
this issue with a promise to address it and a request for further
information. I have responded with a detailed (and private) assessment, so
it looks as if patience does indeed have its rewards.
Thanks once again for all of the input, and I hope I shall be able to
contribute to the list myself in the future.
Regards
Chris Marsh
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.5/67 - Release Date: 09/08/2005
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
More information about the websecurity
mailing list