> Cross-site scripting vulnerability, update available, Security update
Russ McRee
post Sep 4 2008, 01:41 PM
Post #1




Cross-site scripting (XSS) occurs where the "step_id" and "CHECKOUT_CZ_BLOWFISH_KEY" variables don't properly sanitize input submitted to the checkout.php script.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

http://holisticinfosec.org/content/view/81/45/

Current fix is to replace the file avactis-system/core/request.php with the attached one.
After a new version is released this bug fix will be available with the update script.
Attached file: request.php (16.48K)
 
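The general shape of a fix for this kind of reflected XSS, as an added example that is not part of the original thread and is not the contents of the attached request.php. It assumes `step_id` is a numeric step index and treats `CHECKOUT_CZ_BLOWFISH_KEY` as free-form text; `SafeRequest`, `getInt` and `getHtml` are hypothetical names, and the request values are constructed.

```php
<?php
declare(strict_types=1);
// Added illustration, not Avactis code. Class and method names are hypothetical.

final class SafeRequest
{
    /** @var array<string,mixed> raw, untrusted query/body parameters */
    private array $params;

    public function __construct(array $params)
    {
        $this->params = $params;
    }

    // Allow-list validation: accept the parameter only if it is a short
    // decimal integer (assumed format for step_id), otherwise use the default.
    public function getInt(string $name, int $default = 0): int
    {
        $v = $this->params[$name] ?? null;
        if (!is_string($v) || !preg_match('/\A[0-9]{1,9}\z/', $v)) {
            return $default;
        }
        return (int) $v;
    }

    // Free-form values cannot be validated by shape, so they are encoded
    // for the HTML context they are written into.
    public function getHtml(string $name): string
    {
        $v = $this->params[$name] ?? '';
        if (!is_string($v)) {   // e.g. step_id[]=x arrives as an array
            return '';
        }
        return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed request, standing in for $_GET on checkout.php.
$req = new SafeRequest([
    'step_id' => '2"><script>alert(1)</script>',
    'CHECKOUT_CZ_BLOWFISH_KEY' => '"><img src=x onerror=alert(1)>',
]);

// Vulnerable pattern for comparison: echo 'value="' . $_GET['step_id'] . '"';
// Hardened output: step_id falls back to 1, the key is rendered as inert text.
printf("<input type=\"hidden\" name=\"step_id\" value=\"%d\">\n", $req->getInt('step_id', 1));
printf("<input type=\"hidden\" name=\"key\" value=\"%s\">\n", $req->getHtml('CHECKOUT_CZ_BLOWFISH_KEY'));
```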
Alex Girin
post Sep 5 2008, 07:04 AM
Post #2


Avactis Support Team



    


Hi Russ,

Thank you for your post.

This patch is approved and can be applied for versions 1.8.0 and 1.8.1.

If you have earlier versions of Avactis, please contact Support.

Best Regards,
Alex Girin
Avactis Shopping Cart Team
IsabelHotchins
post Dec 7 2009, 10:45 AM
Post #3




Thanks. Very helpful post. I read a few of your other posts and they all helped me.