Re: Vulnerability in OFBiz?

Pierre Smits
So if I understand it correctly the vulnerability issue is regarding
10.04.01 and has been fixed with 10.04.02. That's why we urge end users to
upgrade.


On 16 April 2012 12:31, Adrian Crum <[hidden email]> wrote:

> Michele likes to claim credit for reporting all current and future OFBiz
> vulnerabilities based on a very old Jira issue that was fixed long ago.
> He/she can be ignored.
>
> -Adrian
>
>
> On 4/16/2012 11:16 AM, Jacques Le Roux wrote:
>
>> It's not quite clear if it's only a joke or not.
>>
>> Because actually
>> http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0171.html
>> were new vulnerabilities discovered by Matias Madou (mmadouhp.com) of
>> Fortify/HP Security Research Group.
>> Matias helped us to track them by giving precise URLs and ways of
>> reproducing when Michele Orru' never answered our questions precisely
>> in this issue.
>>
>> The only way to be sure would be to reproduce what Michele described in
>> this issue...
>>
>> Jacques
>>
>> Pierre Smits wrote:
>>
>>> I saw this tweeted:
>>>
>>> *Michele Orru'* @antisnatchor <https://twitter.com/#!/antisnatchor>
>>> <https://twitter.com/#!/antisnatchor/status/191823272214659072>
>>>
>>> New XSSs on Apache OFBiz
>>> http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0171.html
>>> <http://t.co/8OV2iHcr> =>
>>> after my recommendations years ago
>>> https://issues.apache.org/jira/browse/OFBIZ-1959
>>> <https://t.co/RHyVfSy6> they are still vulnerable :D LOL
>>>
>>>
>>> How do we address this?
>>>
>>> Regards,
>>>
>>> Pierre
>>>
>>
>>