Hello, Pardon me for being dense, but what exactly does "cookie manipulation" mean in this context? What is the vulnerability? Looking at the following exploit code: <input name="id" size=75 value="<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>"> The (apparent) injection of a META tag suggests that the real issue is XSS. Do you mean that there's an XSS attack which could be used to modify cookies? Or are you talking about CSRF? Where do 'cookiename' and 'cookievalue' come from? Finally, while "Podium" does seem to be in heavy use, what is the actual product and vendor that's affected? Thanks, Steve
