[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: eTicket version 1.5.5 XSS Attack Vulnerability
From: sf () hm2k ! org
Date: 2007-06-29 9:56:41
Message-ID: 20070629095641.5532.qmail () securityfocus ! com
[Download RAW message or body]
The severity of this bug is inaccurate.
Considering this bug is simply XSS, and only available when register_globals is On I \
would consider this "Very Low".
Ultimately eTicket is not designed to work with register_globals On, please turn it \
off. It is set to off in php.ini by default.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic