Date: Sun, 21 Feb 2016 01:14:14 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: Multiple XSS vulnerabilities in Refinery CMS On Fri, Feb 19, 2016 at 09:07:30PM +0530, Shravan Kumar wrote: > I would like to publically disclose Multiple XSS Vulnerabilities Found in > Refinery CMS. As a moderator, I have to note that we have two inappropriate postings here - a link to an external PDF (in fact, the same one in two messages) and no detail in message body. I also have to admit that, although this kind of postings were frowned upon in the past, the "List Content Guidelines" did not explicitly discourage them. This is now corrected: http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines "At least the most essential part of your message (e.g., vulnerability detail or a PoC exploit) should in fact be in the message itself (and in plain text), rather than only included by reference to an external resource. Posting links to relevant external resources as well is acceptable, but posting only links is not." Going forward, PDF-only postings like this may be rejected. And, doing Shravan's homework this one time, I've attached a plain text export of the content from the PDF file. Unfortunately, this does not capture some of the detail and isn't formatted well (it might even be partially incorrect, showing some deleted text or such). Sorry about that - not my job. Shravan, on future occasions, please prepare a proper plain text description of whatever you post in here. Alexander View attachment "Penetration-testing-report--open-source-Ruby-on-rails-Refinery-CMS.txt" of type "text/plain" (7363 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.