VP-ASP :: Shopping Cart Software

VP-ASP Shopping Cart Customer Forum

 Web Application Cross Site Scripting

webshaun
Starting Member

39 Posts

Posted - March 21 2011 : 12:48:14
Found XSS issues on a security scan... please post the fix here.

Issue 1:

Path /shopnewslistings.asp
Query archive=>"><script>alert(123)</script><"

Headers Referer=http%3A%2F%2Fhostnj.net%2Fshopnewslistings.asp

Issue 2:

Path /shopblogslistings.asp
Query archive=>"><script>alert(123)</script><"

Headers Referer=http%3A%2F%2Fhostnj.net%2Fshopblogslistings.asp

webshaun
Starting Member

39 Posts

Posted - March 21 2011 : 14:55:41
PS: This is a fresh install of the latest SP1 of 7. The very latest version I've seen on the site. I've also looked for a page with references to new security patches but haven't found one.

support
Administrator

4266 Posts

Posted - March 21 2011 : 22:44:23
Hi Shaun,

We have created a helpnote on this at:

http://helpnotes.vpasp.com/kb/46-Security-&-Patches/1002-Security-Fix-to-XSS-issue-to-News---Blog-Listing-pages/

This has been included in all versions from today onwards.

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
http://www.twitter.com/vpasp
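
A regression check for the two findings reported above, as an added example that is not part of this thread or of the vendor's helpnote: it parses a response and reports whether the scanner's `archive` value created a script element or stayed inside the attribute as data. The page template is a constructed stand-in (the real VP-ASP markup and the content of the fix are not shown in the thread), and Python's `html.escape` stands in for whatever HTML encoding the patched page applies.

```python
from html import escape
from html.parser import HTMLParser

# Query value exactly as reported by the scanner in the first post.
PAYLOAD = '>"><script>alert(123)</script><"'

# Constructed template (assumption): a page that echoes `archive` into an
# attribute value. The real VP-ASP markup is not shown in the thread.
TEMPLATE = '<form><input type="hidden" name="archive" value="{v}"></form>'


def render(archive, encode):
    """Render the constructed page, with or without HTML-encoding the value."""
    value = escape(archive, quote=True) if encode else archive
    return TEMPLATE.format(v=value)


class ReflectionAudit(HTMLParser):
    """Records script elements and the archive attribute value the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.script_tags = 0
        self.archive_value = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "archive":
            self.archive_value = attrs.get("value")


def audit(body):
    """Return (number of script elements, value of the archive attribute)."""
    parser = ReflectionAudit()
    parser.feed(body)
    parser.close()
    return parser.script_tags, parser.archive_value


if __name__ == "__main__":
    for encode in (False, True):
        scripts, value = audit(render(PAYLOAD, encode))
        verdict = "FAIL: markup injected" if scripts else "ok: value stayed data"
        print(f"encode={encode} scripts={scripts} value={value!r} -> {verdict}")
```

To re-test a patched install, pass the body returned by /shopnewslistings.asp and /shopblogslistings.asp for the same query to `audit()` and confirm the script count is the same as for a request without the parameter.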