Re: XSS vulnerability in Expression CMS

From: security curmudgeon <>
Subject: Re: XSS vulnerability in Expression CMS

: Vulnerability ID: HTB22618
: Reference:
: Product: Expression 
: Vendor: Backbone Technology ( ) 
: Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions

How do you know you tested a current version? The vendor web site does not 
list a current version on the page:

They do not appear to offer a demo, and it seemingly requires a 
consultation to purchase. They do list who is running it:

Did you test one of their customers' live sites to find this 
vulnerability? If so, again, how do you not know the version you tested? 

Copyright © 1995-2018 All rights reserved.