<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
4.12-5<br>
<br>
On 03/02/2016 01:57 AM, Brian Pocock wrote:<br>
<span style="white-space: pre;">> What version of Zend.to are you running? There is a known XSS in an earlier version of code.<br>
><br>
> Brian Pocock - Consultant<br>
> Nebulas <br>
><br>
> On 1 Mar 2016, at 22:14, Keith Erekson <<a class="moz-txt-link-abbreviated" href="mailto:kbe2@lehigh.edu">kbe2@lehigh.edu</a>> wrote:<br>
><br>
> Tested on Mac OS X 10.10, seems to work in Firefox (41 and 44), but not Chrome (48) nor Safari (9).<br>
><br>
> (pickup.php, not pickup/php for anyone who wants to try)<br>
><br>
> ~Keith<br>
><br>
> On 03/01/2016 02:14 PM, Chris Venter wrote:<br>
> > Hi<br>
> ><br>
> > Our security audit has highlighted a possible reflected cross site scripting error on the pickup.php page, to test we ran<br>
> ><br>
> > <a class="moz-txt-link-freetext" href="https://server_name/pickup/php?emailAddr=test">https://server_name/pickup/php?emailAddr=test</a>" /><script>alert('XSS Test')</script><br>
> ><br>
> > Can anyone else confirm if this is an issue?<br>
> ><br>
> > Thanks<br>
> ><br>
> > CJ<br>
> ><br>
> > _______________________________________________<br>
> > ZendTo mailing list<br>
> > <a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><br>
> > <a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><br>
><br>
</span><br>
<br>
<br>
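<br>
Added example, not part of the original thread and not ZendTo's own code: the test value reported above, rendered by a field that interpolates the parameter raw and by one that encodes it for the attribute context. It assumes the emailAddr value is reflected into a double-quoted HTML attribute; the function names are hypothetical and user@example.org is a constructed address.<br>
<br>
```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a page that reflects a query parameter into a
// form field. This is not ZendTo's pickup.php source.

// Unsafe: raw interpolation, so a double quote in the value ends the attribute.
function renderFieldUnsafe(string $emailAddr): string
{
    return '<input type="text" name="emailAddr" value="' . $emailAddr . '" />';
}

// Safe: encode for a quoted HTML attribute; ENT_QUOTES covers both " and '.
function renderFieldSafe(string $emailAddr): string
{
    $encoded = htmlspecialchars($emailAddr, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="emailAddr" value="' . $encoded . '" />';
}

// Defence in depth: drop values that are not syntactically valid addresses.
// Valid addresses may still contain characters such as ', so the output
// encoding above remains the actual control.
function normaliseEmailParam(?string $raw): string
{
    if ($raw === null) {
        return '';
    }
    $valid = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $valid === false ? '' : $valid;
}

// True when the rendered markup contains a live <script> start tag.
function hasScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Test value quoted from the audit report in this thread.
$probe = 'test" /><script>alert(\'XSS Test\')</script>';

var_dump(hasScriptTag(renderFieldUnsafe($probe)));   // raw value breaks out of value=""
var_dump(hasScriptTag(renderFieldSafe($probe)));     // encoded value stays in the attribute
var_dump(normaliseEmailParam($probe));               // not an address, so it is dropped
var_dump(normaliseEmailParam('user@example.org'));   // constructed valid address
echo renderFieldSafe($probe), PHP_EOL;
```
<br>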
</body>
</html>