Posted by Benedikt Westermann on Mar 09

Hi Nick,

Status remains the same. The vulnerabilities are also valid for the new version 1.4.0.6. I checked it and could still
reproduce the password-reset, the XSS, the CSRF, and the found also the cookie mentioned in the report after login. So,
nothing has changed with respect to the vulnerabilities.

Regards,
Benedikt