5 Dec
2012
5 Dec
'12
4:27 a.m.
I'm sorry about your getting hit and if you want to send me direct mail,
I'll see that it gets to the right people. I'll also make sure to check out
the situation with that list because it should not be blocking non-subscribers.
As a side note, it might be irresponsable of me but I don't personally think
most security issues warrant as much secrecy as the sec community proscribe
although it's always important to keep PoC scripts out of the hands of people
who might try running them.
Thanks,
Caleb
On 12/04/2012 10:21 PM, Jan-Philip Loos wrote:
Hello,
tonight some XWikis Sites were attacked with XSS. One of this sites is our
own, which runs 4.2.
A wrote the details to security(a)xwiki.org mailing list, but it's rejected by
security-owner(a)xwiki.org. According to
http://dev.xwiki.org/xwiki/bin/view/Community/MailingLists : "However,
anyone can write to these lists to report issues (no subscription needed)."
I think I misinterpreted it.
How can I post the details on this attack to a non public space?
Greetings
Jan-Philip Loos
--
View this message in context:
http://xwiki.475771.n2.nabble.com/XSS-Security-Hole-how-to-post-to-security…
Sent from the XWiki- Users mailing list archive at Nabble.com.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users