TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2

2013-04-03 Thread Simon Bieber
d via email
2013/02/18 initial response
2013/03/04 proposed fix by vendor
2013/03/08 second proposed fix by vendor
2013/03/13 fix confirmed
2013/03/14 vendor released update 1.0.3
2013/04/03 Public disclosure
Credits: Simon Bieber (sbie...@tele-consulting.com) Tele-C

secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application

2018-04-10 Thread Simon Bieber
le contact
2018/01/22 Sent technical details
2018/02/12 Developer replied proposing fix
2018/03/28 Developer contacted us to announce the upcoming release
2018/04/05 OCS Version 2.4.1 was released
2018/08/09 Release of the security advisory
Credits: Simon Bieber, secuvera GmbH

secuvera-SA-2017-04: SQL-Injection Vulnerability in OCS Inventory NG ocsreports Web application

2018-04-10 Thread Simon Bieber
%5D=4&ocs%5B%5D=&\ ---
Solution: Install OCS Inventory Release 2.4.1 or newer.
Disclosure Timeline:
2017/12/15 vendor contacted, asked for security contact information
2018/01/02 contacted vendor again after no answer was received so far
2018/01/02 response of responsi