Ah yes - sorry about that. Should indeed be 2015-08-10 I’ve corrected in our published advisory: https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/ <https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/>
Thanks for letting me know --- Duncan Stuart (@dgmstuart) Head of Products, dxw Exemplary web projects for the public sector http://dxw.com/ 07866 936 959 0345 257 7520 skype: dxwduncan > On 12 Aug 2015, at 08:08, Christ van Willegen <[email protected]> wrote: > > Hi all, > > On Mon, Aug 10, 2015 at 2:16 PM, dxw Security <[email protected]> wrote: >> >> Timeline >> ================ >> >> 2015-07-21: Discovered >> 2015-07-22: Reported to vendor via email >> 2015-07-22: Requested CVE >> 2015-07-10: Vendor confirmed fixed in version 5.4.5 >> 2015-07-10: Published > > After the fact, of course, but I guess 2015-08-10 for 'vendor > confirmed' and 'published'? > > Christ van Willegen > -- > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
