
osCMax Security Update - XSS flaw patched

This is a discussion on osCMax Security Update - XSS flaw patched within the Announcement Discussions forums, part of the osCmax News and Announcements category.

      
  1. #1
    michael_s (osCMax Developer; Phoenix, AZ; joined Jul 2002; 19,501 posts)

    osCMax Security Update - XSS flaw patched

    A new blog entry has been added:

    osCMax Security Update - XSS flaw patched (blog entry 266)

    An XSS security flaw has been found in osCMax, specifically the printable catalog module. The flaw is in all 2.0 versions, including RC3, RC3.0.1, RC3.0.2, and RC4 SVN.
    Michael Sasek
    osCMax Developer


    osCmax installation service - Have our professionals install osCmax on your server - same day service!
    osCmax 2.0 User Manual - the must have beginners guide to osCmax v2.0

    Stay Up To Date with everything osCMax:
    Free osCMax Newsletters - Security notices, New Releases, osCMax News
    osCMax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation

  2. #2
    mfleeson (Member; Lindisfarne, UK; joined Aug 2004; 40 posts)

    Re: osCMax Security Update - XSS flaw patched

    Just to say many, many thanks.

    Mark

  3. #3
    michael_s (osCMax Developer; Phoenix, AZ; joined Jul 2002; 19,501 posts)

    Re: osCMax Security Update - XSS flaw patched

    No problem, now get that patch installed before something bad happens.
    Michael Sasek
    osCMax Developer


  4. #4
    mfleeson (Member; Lindisfarne, UK; joined Aug 2004; 40 posts)

    Re: osCMax Security Update - XSS flaw patched

    Done and tested on my two stores before I wrote on the forum. Cheers. M

  5. #5
    MindTwist (Active Member; Barcelona, Spain; joined Jun 2007; 408 posts)

    Re: osCMax Security Update - XSS flaw patched

    Now to do some file comparing... Any hints on what code to change? My printable catalog with images is a bit customized, so I would have to compare my original file with the updated one to see what changes have been made, and apply.

    Thanks!

  6. #6
    MindTwist (Active Member; Barcelona, Spain; joined Jun 2007; 408 posts)

    Re: osCMax Security Update - XSS flaw patched

    Forget my post; doing a file compare brought up the differences really quickly.

  7. #7
    Lurker (joined Nov 2007; 2 posts)

    Re: osCMax Security Update - XSS flaw patched

    Thanks for PMing about this security fix. Much appreciated.

  8. #8
    New Member (joined Mar 2005; 21 posts)

    Re: osCMax Security Update - XSS flaw patched

    I've created custom templates for all my stores and do not use the fallback template. Do I still need to apply the fix?

  9. #9
    michael_s (osCMax Developer; Phoenix, AZ; joined Jul 2002; 19,501 posts)

    Re: osCMax Security Update - XSS flaw patched

    @seaserver: yes, you need to replace the fallback template file, and if you also created custom content template files that have a catalog_products_with_images.tpl.php template, you will have to replace each one with this new file.

    Remember that if you don't create a custom content template file in your custom template folder, your custom template will grab the content template from the fallback directory. That is why it is called fallback... the system falls back to the fallback template if it cannot find a custom content template.

    Here is a diff so you can see what was removed/added:
    r89 - oscmax2 - Google Code
    Michael Sasek
    osCMax Developer

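The lookup rule in post #9 (a custom template renders its own content copy if it has one, otherwise the copy in fallback) and the file-compare approach from post #6 can be turned into a quick audit before and after applying the patch. The shell script below is an added example, not osCMax's own code and not the patch itself: it builds a throwaway store tree with placeholder file contents (constructed; the real template is PHP), lists every template directory whose copy of catalog_products_with_images.tpl.php still differs from the patched file, shows which file a given custom template would actually render, and prints a unified diff for copies that carry local customisations and have to be merged by hand rather than overwritten. The directory layout catalog/templates/<name>/content/ is taken from posts #9 and #10; the template names mystore, shop2 and minimal are invented for the demonstration.

```shell
#!/bin/sh
# Added example, not osCMax code: audit every copy of the printable catalog
# template so that no custom template keeps an unpatched copy.
# Assumed layout (from the thread): catalog/templates/<name>/content/<file>
# Template names and file contents below are constructed placeholders.

TPL_NAME="catalog_products_with_images.tpl.php"

# Path a template actually renders: its own content copy if it has one,
# otherwise the fallback copy (the lookup order described in the thread).
effective_template() {
    root="$1"; tpl="$2"
    custom="$root/catalog/templates/$tpl/content/$TPL_NAME"
    if [ -f "$custom" ]; then
        printf '%s\n' "$custom"
    else
        printf '%s\n' "$root/catalog/templates/fallback/content/$TPL_NAME"
    fi
}

# Print, one per line, every template directory (fallback included) whose
# copy of the file still differs byte-for-byte from the patched reference.
templates_needing_update() {
    root="$1"; patched="$2"
    for f in "$root"/catalog/templates/*/content/"$TPL_NAME"; do
        [ -f "$f" ] || continue          # unmatched glob or no copy here
        if ! cmp -s "$f" "$patched"; then
            dir=${f%/content/*}          # .../templates/<name>
            printf '%s\n' "${dir##*/}"
        fi
    done
}

# Unified diff of a stale copy against the patched file, for templates with
# local customisations that must be merged by hand rather than overwritten.
diff_against_patched() {
    root="$1"; patched="$2"; tpl="$3"
    diff -u "$root/catalog/templates/$tpl/content/$TPL_NAME" "$patched" || true
}

# Build a throwaway store tree with constructed placeholder contents:
# fallback and mystore are stale, shop2 is already patched, minimal has
# no content copy of its own and therefore falls back.
make_demo_store() {
    root="$1"
    for t in fallback mystore shop2 minimal; do
        mkdir -p "$root/catalog/templates/$t/content"
    done
    printf 'old template\n' > "$root/catalog/templates/fallback/content/$TPL_NAME"
    printf 'old template\ncustom banner\n' > "$root/catalog/templates/mystore/content/$TPL_NAME"
    printf 'patched template\n' > "$root/catalog/templates/shop2/content/$TPL_NAME"
    printf 'patched template\n' > "$root/patched_$TPL_NAME"
}

demo=$(mktemp -d)
make_demo_store "$demo"
echo "Templates still carrying a stale copy:"
templates_needing_update "$demo" "$demo/patched_$TPL_NAME"
echo "File rendered by the 'minimal' template:"
effective_template "$demo" minimal
echo "Changes a customised copy (mystore) would need:"
diff_against_patched "$demo" "$demo/patched_$TPL_NAME" mystore
rm -rf "$demo"
```

Against a real store, point `root` at the directory containing catalog/ and `patched` at the file shipped with the security update; a template that shows up in the list and is byte-identical to the old fallback copy can simply be overwritten, while one that also carries local edits (MindTwist's case above) should be merged using the diff output so the customisations survive.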

  10. #10
    New Member (joined Jan 2009; 5 posts)

    Re: osCMax Security Update - XSS flaw patched

    FTP upload the included file to the /catalog/templates/fallback/content/ directory, overwriting the existing file.

    I'm using oscommerce-2.2rc2a... I didn't find the template directory, so where do I overwrite the file?
