Welcome, Guest ( Customer Panel | Login )

 All Forums
 VPCart Forum
 VP-ASP 7.0 Questions
 Web Application Cross Site Scripting
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Starting Member

39 Posts

Posted - March 21 2011 :  12:48:14  Show Profile  Reply with Quote
found XSS issues on a security scan:... please post the fix here.

Issue 1:

Path /shopnewslistings.asp
Query archive=>"><script>alert(123)</script><"

Headers Referer=http%3A%2F%2Fhostnj.net%2Fshopnewslistings.asp

Issue 2:

Path /shopblogslistings.asp
Query archive=>"><script>alert(123)</script><"

Headers Referer=http%3A%2F%2Fhostnj.net%2Fshopblogslistings.asp

Starting Member

39 Posts

Posted - March 21 2011 :  14:55:41  Show Profile  Reply with Quote
PS: This is a fresh install of the latest SP1 of 7. The very latest version I've seen on the site. I've also looked for a page with references to new security patches but haven't found one.
Go to Top of Page


4337 Posts

Posted - March 21 2011 :  22:44:23  Show Profile  Visit support's Homepage  Reply with Quote
Hi Shaun,

We have created a helpnote on this at:


This has been included in all versions from today onwards.

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000
0 Item(s)