Comments on -UNSECURED SYSTEMS-: Freeside XSS vuln.
Blog author: r0t

ivan, 2007-11-27T18:16:00.000-08:00

(corrected URL)

Hello,

A hotfix for 1.7.2 for this XSS issue was checked into our CVS repository on October 2nd and may be downloaded from
http://www.sisd.com/cgi-bin/viewvc.cgi/freeside/httemplate/search/cust_bill_event.cgi?r1=1.12&r2=1.12.2.1&pathrev=FREESIDE_1_7_BRANCH&view=patch

This issue is also corrected in the upcoming 1.7.3 and 1.9.0 releases.

As the vendor of the product in question, I'd like to express my disappointment that we were never contacted about this vulnerability, either before, or, at the very least, at the same time as public release. Extremely disappointing and unprofessional handling of this from "r0t" and "pridels-team".

Ivan Kohler
President, Chief Geek and Janitor
Freeside Internet Services, Inc.

ivan, 2007-11-27T18:12:00.000-08:00

Hello,

A hotfix for 1.7.2 for this XSS issue was checked into our CVS repository on October 2nd and may be downloaded from
http://www.sisd.com/cgi-bin/viewvc.cgi/freeside/httemplate/search/cust_bill_eve$

This issue is also corrected in the upcoming 1.7.3 and 1.9.0 releases.

As the vendor of the product in question, I'd like to express my disappointment that we were never contacted about this vulnerability, either before, or, at the very least, at the same time as public release. Extremely disappointing and unprofessional handling of this from "r0t" and "pridels-team".

Ivan Kohler
President, Chief Geek and Janitor
Freeside Internet Services, Inc.