Hi this is Julio, pyforum author. I just wanted to clarify a few things here.
On Dec 9, 2009, I was contacted by this "Nam Nguyen" from bluemoon.com.vn (Viet Nam) domain. This gentleman stated that he had "discovered" several XSS vulnerabilities in pyforum, and in order to "disclose" them to me, I had to enter into some kind of agreement with him (read: pay him money); my "punishment" for not complying with this would result in spreading this information around (I guess his "security firm" does not carry enough weight so he needed to go to the usual channels, Secunia being one of them).

After more than a year he has failed to provide even one simple proof of concept so I can potentially fix it. All of this leads me to believe that such vulnerability indeed does not exist and that this individual's intentions were no other than trying to dishonestly obtain monetary gains.

pyforum is open source software and its source code is available for anyone to view.

Hope this clarifies the issue,

Cheers,
Julio F Schwarzbeck.

On Oct 12, 9:12 am, Julius Minka <[email protected]> wrote:
> There is a security issue reported here: http://secunia.com/advisories/37764
>
> Is any fix available?
> Are there any plans to further develop pyforum?
> I am asking because I am considering pyforum as a base for a bigger
> communication app.

