osCMax Security Update - XSS flaw patched

An XSS security flaw has been found in osCMax, specifically the printable catalog module. The flaw is in all 2.0 versions, including RC3, RC3.0.1, RC3.0.2, and RC4 SVN.

It is strongly recommended that you immediately update your live store with the patched printable catalog module. The update replaces a single template file. Instructions and the download file are located here:

http://bugtrack.oscmax.com/view.php?id=275

If you are using an SVN version of osCMax, the repository has been updated with this patch, and you should do an 'svn update' to get the latest files.

As a result, osCMax 2.0 RC 3-0-3 has been released as well. This is a full package for any new installs and can be downloaded here:

http://www.oscmax.com/project/osCMax

Re: osCMax Security Update - XSS flaw patched

Just to say many, many thanks.

Mark

Re: osCMax Security Update - XSS flaw patched

No problem, now get that patch installed before something bad happens.

Re: osCMax Security Update - XSS flaw patched

Done and tested on my two stores before I wrote on the forum. Cheers. M

Re: osCMax Security Update - XSS flaw patched

Now to do some file comparing... Any hints on what code to change? My printable catalog with images is a bit customized, so I would have to compare my original file with the updated one to see what changes have been made, and apply.

Thanks!

Re: osCMax Security Update - XSS flaw patched

Forget my post; doing a file compare brought up the differences really quickly.