
List:       bugtraq
Subject:    Re: eTicket version 1.5.5 XSS Attack Vulnerability
From:       sf () hm2k ! org
Date:       2007-06-29 9:56:41
Message-ID: 20070629095641.5532.qmail () securityfocus ! com

The severity of this bug is inaccurate.

Considering this bug is simply XSS, and only available when register_globals is On, I would consider this "Very Low".

Ultimately eTicket is not designed to work with register_globals On, please turn it off. It is set to off in php.ini by default.

