News Document Title:
====================
FAQ Center Vulnerability - Fast Update by Strato Dev Team

Release Date:
=============
2012-01-06

Laboratory Article:
===================
After a short check early this morning, we can announce a nice and very fast patch/fix by the famous Strato dev team. 5 days ago we discovered a client-side issue in the Strato FAQ center, which is integrated everywhere on the website. The bug was located in a special listing (input/output) of the FAQ finder module. The vulnerability allows a remote attacker to hijack customer sessions, with a required user interaction (click). Successful exploitation can result in client-side content manipulation, client-side cross site scripting, session hijacking and client-side phishing attacks.

The patch/fix has been released faster than the last one ...

(http://www.vulnerability-lab.com/get_content.php?id=372)
Title: Strato FAQ Center 2012 - Cross Site Scripting Vulnerability
2012-01-03: Vendor Notification
2012-01-04: Vendor Response/Feedback
2012-01-05: Vendor Fix/Patch
2012-01-06: Public or Non-Public Disclosure

Review also the last Strato timeline and issue ...

(http://www.vulnerability-lab.com/get_content.php?id=141)
Title: Strato Server ACP - Persistent DOM XSS Vulnerabilities
2011-08-14: Vendor Notification
2011-08-17: Vendor Response/Feedback
2011-08-19: Vendor Fix/Patch
2011-08-26: Public or Non-Public Disclosure

In the end we can say our provider (Strato) is fast (good+) in patching security vulnerabilities and cares about its customers.

Advisory: http://www.vulnerability-lab.com/get_content.php?id=372