osCMax Security Update - XSS flaw patched - osCMax


* indicates required field Email Address:* First Name:* Lists: osCMax Newsletter Release Announcements Security Alerts

Navigation
Home osCMax User Manual Template Store osCMax Templates osCommerce 2.2MS2 CRE Loaded ZenCart Forums Bug Tracker Create content Documentation Projects Projects Credit Modules Features Images Info Boxes Languages Order Total Modules oscmax Other osCMax Project Payment Modules Reports Shipping Modules Templates Zones Blogs Categories osCMax Development

User login
Username: * Password: Remember me Create new account Request new password

osCMax BugTracker
0000376: Active/Inactive Status buttons not showing for Categories 0000322: Admin Create Account - Country/State Selector not working 0000375: Fatal Error 0000372: includes/modules/ot_gv.php line 29, uses unknown constant 0000328: Batch Print Center more

Who's online
There are currently 3 users and 57 guests online. Online users twoeyesofblue Tangwystel MrE03

Syndicate

osCMax Security Update - XSS flaw patched

By michael_s at 26 Jan 2009 - 3:08pm

An XSS security flaw has been found in osCMax, specifically the printable catalog module. The flaw is in all 2.0 versions, including RC3, RC3.0.1, RC3.0.2, and RC4 SVN.

It is strongly recommended that you immediately update your live store with the patched printable catalog module. The update replaces a single template file. Instructions and the download file are located here:

http://bugtrack.oscmax.com/view.php?id=275

If you are using an SVN version of osCMax, the repository has been updated with this patch, and you should do an 'svn update' to get the latest files.

As a result, osCMax 2.0 RC 3-0-3 has been released as well. This is a full package for any new installs and can be downloaded here:

http://www.oscmax.com/project/osCMax

by mfleeson on Tue, 01/27/2009 - 4:23pm

Just to say Many many thanks.

Mark

by michael_s on Tue, 01/27/2009 - 4:24pm

No problem, now get that patch installed before something bad happens

by mfleeson on Tue, 01/27/2009 - 4:28pm

Done and tested on my two stores before I wrote on the forum. Cheers. M

by MindTwist on Tue, 01/27/2009 - 4:53pm

Now to do some file comparing... Any hints on what code to change? My printable catalog with images is a bit customized, so I would have to compare my original file with the updated one to see what changes have been made, and apply.

Thanks!

by MindTwist on Tue, 01/27/2009 - 4:56pm

Forget my post, doing a file compare brought up the differences really quick

Read full thread
Login or register to post comments

All times are GMT -8. The time now is 06:00 PM.

Shopping Cart Software

osCMax Security Update - XSS flaw patched

Online users

osCMax Security Update - XSS flaw patched