VP-ASP :: Shopping Cart Software

VP-Cart StoreFront Customer Forum

 Vulnerability in saved trolleys ? (and elsewhere)

Starting Member

8 Posts

Posted - November 12 2008 : 04:24:27
We have a problem: when a user saves their cart, they can place any kind of HTML tags inside the input box where they name their cart.

Won't this allow a form to run remote scripts, thereby meaning the whole site could be hacked and card details / customer information stolen?

Also, if this is happening here, are there any other places where this is happening, allowing HTML tags to be response.written straight back into the page?

Has VPASP got a fix for this problem?


VP-ASP Expert

United Kingdom
948 Posts

Posted - November 12 2008 : 04:52:22
Hi David,

The VP-ASP cart has a pretty good customer input field text cleanser that will check for any offending characters (from a regularly updated list patch) and remove them. Our site has not had any problems so far.
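
The write-back concern raised in this thread, as an added example that is not part of either post and is not VP-ASP's own code: a Classic ASP page that checks a cart name against an allow-list on input and HTML-encodes it with Server.HTMLEncode every time it is written into a page. The function, constant and field names and the sample values are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not VP-ASP code. CleanCartName, MAX_CART_NAME and the
' "cartname" field are hypothetical names; the sample values are constructed.
Const MAX_CART_NAME = 50

' Input side: allow-list check. Returns "" when the name is rejected.
Function CleanCartName(ByVal raw)
    Dim re
    CleanCartName = ""
    raw = Trim(raw & "")
    If Len(raw) = 0 Or Len(raw) > MAX_CART_NAME Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9 _.,-]+$"
    If re.Test(raw) Then CleanCartName = raw
End Function

' Output side: encode at the point of writing. Server.HTMLEncode converts
' < > & and " to entities, so keep attribute values in double quotes.
Sub WriteCartName(ByVal stored)
    Dim safe
    safe = Server.HTMLEncode(stored & "")
    ' Unsafe pattern from the question: Response.Write stored
    Response.Write "<p>Saved cart: " & safe & "</p>" & vbCrLf
    Response.Write "<input type=""text"" name=""cartname"" value=""" & _
                   safe & """>" & vbCrLf
End Sub

Dim samples, s
' Stand-ins for Request.Form("cartname") and for names already in the database
samples = Array("Christmas list 2008", "<b>gifts</b> ""for"" mum & dad")
For Each s In samples
    If CleanCartName(s) = "" Then
        Response.Write "<p>New name rejected on input.</p>" & vbCrLf
    End If
    ' Rows saved before validation existed still get encoded on display
    WriteCartName s
Next
%>
```

Viewing the page source for the second sample shows `&lt;b&gt;gifts&lt;/b&gt; &quot;for&quot; mum &amp; dad` in both the paragraph and the input value, so the browser displays the tags as text instead of parsing them.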

