Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 21 Feb 2016 01:14:14 +0300
From: Solar Designer <>
Subject: Re: Multiple XSS vulnerabilities in Refinery CMS

On Fri, Feb 19, 2016 at 09:07:30PM +0530, Shravan Kumar wrote:
> I would like to publically disclose  Multiple XSS Vulnerabilities Found in
> Refinery CMS.

As a moderator, I have to note that we have two inappropriate postings
here - a link to an external PDF (in fact, the same one in two messages)
and no detail in message body.  I also have to admit that, although this
kind of postings were frowned upon in the past, the "List Content
Guidelines" did not explicitly discourage them.  This is now corrected:

"At least the most essential part of your message (e.g., vulnerability
detail or a PoC exploit) should in fact be in the message itself (and in
plain text), rather than only included by reference to an external
resource.  Posting links to relevant external resources as well is
acceptable, but posting only links is not."

Going forward, PDF-only postings like this may be rejected.

And, doing Shravan's homework this one time, I've attached a plain text
export of the content from the PDF file.  Unfortunately, this does not
capture some of the detail and isn't formatted well (it might even be
partially incorrect, showing some deleted text or such).  Sorry about
that - not my job.  Shravan, on future occasions, please prepare a
proper plain text description of whatever you post in here.


View attachment "Penetration-testing-report--open-source-Ruby-on-rails-Refinery-CMS.txt" of type "text/plain" (7363 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.