[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability

To: Vulnerability Lab <research@xxxxxxxxxxxxxxxxxxxxx>, fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
From: Gynvael Coldwind <gynvael@xxxxxxxxxxx>
Date: Sun, 05 Jul 2015 06:30:02 +0000

Hi,

Quick question with regards to your disclosure - why are you attributing
the ownership/authorship of HTTP Live Headers to Google? The website you
linked seems to clearly says it's developed by eSolutions Nordic AB
("offered by https://www.esolutions.se";).

Also, if you found a vulnerability in eSolutions' HTTP Live Headers, why do
you include information about "Google's Chrome Web Store" in the "Product &
Service Introduction"?

And last question - did you notify eSolutions about the bug?

Cheers,
Gynvael

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
  - From: Vulnerability Lab

Prev by Date: [FD] Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
Next by Date: [FD] Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass
Previous by thread: [FD] Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
Next by thread: [FD] Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass
Index(es):
- Date
- Thread