 Web Application Cross Site Scripting

webshaun
Starting Member

39 Posts

Posted - March 21 2011 :  12:48:14
Found XSS issues on a security scan. Please post the fix here.

Issue 1:

Path /shopnewslistings.asp
Query archive=>"><script>alert(123)</script><"

Headers Referer=http%3A%2F%2Fhostnj.net%2Fshopnewslistings.asp

Issue 2:

Path /shopblogslistings.asp
Query archive=>"><script>alert(123)</script><"

Headers Referer=http%3A%2F%2Fhostnj.net%2Fshopblogslistings.asp

webshaun
Starting Member

39 Posts

Posted - March 21 2011 :  14:55:41
PS: This is a fresh install of the latest SP1 of 7. The very latest version I've seen on the site. I've also looked for a page with references to new security patches but haven't found one.

support
Administrator

4679 Posts

Posted - March 21 2011 :  22:44:23
Hi Shaun,

We have created a helpnote on this at:

http://helpnotes.vpasp.com/kb/46-Security-&-Patches/1002-Security-Fix-to-XSS-issue-to-News---Blog-Listing-pages/

This has been included in all versions from today onwards.

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
http://www.twitter.com/vpasp
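
Added example, not part of the thread and not the helpnote's patch: the general Classic ASP pattern for closing a reflected-XSS finding like the two above, where the `archive` query value is written back into the page. The function name `CleanArchive`, the allowed value pattern and the sample link markup are assumptions made for illustration; VP-ASP's actual code is not shown on this page.

```asp
<%
' Added example. Hypothetical stand-in for a listing page that echoes the
' "archive" query-string value; this is not VP-ASP source code.

' Allow-list validation. ASSUMPTION: legitimate values are short and
' alphanumeric; adjust the pattern to what the page really accepts.
Function CleanArchive(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9]{1,10}$"
    If re.Test(raw) Then
        CleanArchive = raw
    Else
        CleanArchive = ""   ' reject anything else, including the scan probe
    End If
    Set re = Nothing
End Function

Dim archiveSafe
archiveSafe = CleanArchive(Request.QueryString("archive") & "")

' BEFORE (vulnerable pattern): the raw value lands inside an attribute, so
' the probe's leading >"> closes the attribute and the tag before <script>.
'   Response.Write "<a href=""shopnewslistings.asp?archive=" & _
'       Request.QueryString("archive") & """>Archive</a>"

' AFTER: validated value, then encoded for the context it is written into.
' URL context inside an attribute: URL-encode, then HTML-encode.
Response.Write "<a href=""shopnewslistings.asp?archive=" & _
    Server.HTMLEncode(Server.URLEncode(archiveSafe)) & """>Archive</a>"

' HTML text context: HTML-encode turns < > " & into entities.
Response.Write "<p>Archive: " & Server.HTMLEncode(archiveSafe) & "</p>"
%>
```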