Full Disclosure mailing list archives
Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8
From: Daniel Bishtawi <daniel () netsparker com>
Date: Mon, 7 Jan 2019 09:43:02 +0100
Hi Henri, There was no response after the details had been sent to peter () microweber com as requested by Microweber (info () microweber com). They did not follow up with an update on the status of the fix once the technical details has been sent, as requested and did not respond when we tried to contact them. This is case closed from our point of view as the technical details had been sent in April for a older version. Regards, Daniel Bishtawi Marketing Administrator | Netsparker Web Application Security Scanner Tel: +44 (0)20 3588 3843 Follow us on Twitter <https://twitter.com/netsparker> | LinkedIn <https://www.linkedin.com/company/netsparker-ltd> | Facebook <https://facebook.com/netsparker> On Sat, Jan 5, 2019 at 1:32 PM Henri Salo <henri () nerv fi> wrote:
On Thu, Jan 03, 2019 at 10:45:36AM +0100, Daniel Bishtawi wrote:We are glad to inform you about the vulnerabilities we reported in Microweber 1.0.8. Affected Versions: 1.0.8 Homepage: https://github.com/microweber/microweber Status: Not Fixed CVE-ID: CVE-2018-19917 Netsparker Advisory Reference: NS-18-038https://www.netsparker.com/web-applications-advisories/ns-18-038-reflected-cross-site-scripting-in-microweber/13th April 2018- First Contact 14th April 2018 - Technical Details Sent 28th June 2018 - Attempted to Contact 3rd January 2019 - Advisory ReleasedHow did you contact vendor? Are you sure that they didn't fix this? Latest version is 1.1.2 according to https://microweber.com/download. Do you plan to follow-up on this or is this case closed from your point of view? -- Henri Salo
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi (Jan 04)
- Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Henri Salo (Jan 08)
- Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Daniel Bishtawi (Jan 08)
- Re: Reflected Cross-site Scripting Vulnerability in Microweber 1.0.8 Henri Salo (Jan 08)