Hi Henri, There was no response after the details had been sent to [email protected] as requested by Microweber ([email protected]). They did not follow up with an update on the status of the fix once the technical details has been sent, as requested and did not respond when we tried to contact them. This is case closed from our point of view as the technical details had been sent in April for a older version.
Regards, Daniel Bishtawi Marketing Administrator | Netsparker Web Application Security Scanner Tel: +44 (0)20 3588 3843 Follow us on Twitter <https://twitter.com/netsparker> | LinkedIn <https://www.linkedin.com/company/netsparker-ltd> | Facebook <https://facebook.com/netsparker> On Sat, Jan 5, 2019 at 1:32 PM Henri Salo <[email protected]> wrote: > On Thu, Jan 03, 2019 at 10:45:36AM +0100, Daniel Bishtawi wrote: > > We are glad to inform you about the vulnerabilities we reported in > > Microweber 1.0.8. > > Affected Versions: 1.0.8 > > Homepage: https://github.com/microweber/microweber > > Status: Not Fixed > > CVE-ID: CVE-2018-19917 > > Netsparker Advisory Reference: NS-18-038 > > > > https://www.netsparker.com/web-applications-advisories/ns-18-038-reflected-cross-site-scripting-in-microweber/ > > 13th April 2018- First Contact > > 14th April 2018 - Technical Details Sent > > 28th June 2018 - Attempted to Contact > > 3rd January 2019 - Advisory Released > > How did you contact vendor? Are you sure that they didn't fix this? Latest > version is 1.1.2 according to https://microweber.com/download. Do you > plan to > follow-up on this or is this case closed from your point of view? > > -- > Henri Salo > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
