[25281] in bugtraq
Re: XMB cross-scripting vulnerability
daemon@ATHENA.MIT.EDU (Joe)
Fri Apr 26 16:17:23 2002
Date: 26 Apr 2002 15:53:44 -0000
Message-ID: <20020426155344.8481.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Joe <joe@STCS-Net.com>
To: bugtraq@securityfocus.com
In-Reply-To: <.iD6VJLPQh16WL2@aport2000.ru>
Actually, the subject message WAS accurate insome respects, however, it is NOT true at this
point. In February, there was a pre-beta version being used on the XMB support forum, and that
version DID indeed have the javascript security flaw. When several people, including, I suspect,
the poster of the original message repeatedly used that exploit to showthe vulnerabilty, the
current developers of version1.6 made theneeded cahnges, and the hole no longer exists.
Version1.6 is now in a final beta, and that security hole, along with another that we beta testers
found, has been closed.
Joe McManus, XMB 1.6 Beta Tester.
