Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: osCMax Security Update - XSS flaw patched

  1. #1
    osCMax Developer


    osCMax Security Update - XSS flaw patched

    michael_s's Avatar
    Join Date
    Jul 2002
    Location
    Phoenix, AZ
    Posts
    23,011
    Total Contributions For

    michael_s     $ 10.00
    Rep Power
    594


    Default osCMax Security Update - XSS flaw patched

    A new blog entry has been added:

    [drupal=266]osCMax Security Update - XSS flaw patched[/drupal]

    An XSS security flaw has been found in osCMax, specifically the printable catalog module. The flaw is in all 2.0 versions, including RC3, RC3.0.1, RC3.0.2, and RC4 SVN.
    Michael Sasek

    osCmax 2.5.4 is now available via auto-installation using Softaculous!

    Stay Up To Date with everything osCMax:
    osCmax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation

  2. #2
    Member mfleeson's Avatar
    Join Date
    Aug 2004
    Location
    Lindisfarne, UK
    Posts
    40
    Total Contributions For

    mfleeson     $ 0.00
    Rep Power
    0


    Default Re: osCMax Security Update - XSS flaw patched

    Just to say Many many thanks.

    Mark

  3. #3
    osCMax Developer


    osCMax Security Update - XSS flaw patched

    michael_s's Avatar
    Join Date
    Jul 2002
    Location
    Phoenix, AZ
    Posts
    23,011
    Total Contributions For

    michael_s     $ 10.00
    Rep Power
    594


    Default Re: osCMax Security Update - XSS flaw patched

    No problem, now get that patch installed before something bad happens
    Michael Sasek

    osCmax 2.5.4 is now available via auto-installation using Softaculous!

    Stay Up To Date with everything osCMax:
    osCmax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation

  4. #4
    Member mfleeson's Avatar
    Join Date
    Aug 2004
    Location
    Lindisfarne, UK
    Posts
    40
    Total Contributions For

    mfleeson     $ 0.00
    Rep Power
    0


    Default Re: osCMax Security Update - XSS flaw patched

    Done and tested on my two stores before I wrote on the forum. Cheers. M

  5. #5
    Active Member MindTwist's Avatar
    Join Date
    Jun 2007
    Location
    Barcelona, Spain
    Posts
    409
    Total Contributions For

    MindTwist     $ 0.00
    Rep Power
    15


    Default Re: osCMax Security Update - XSS flaw patched

    Now to do some file comparing... Any hints on what code to change? My printable catalog with images is a bit customized, so I would have to compare my original file with the updated one to see what changes have been made, and apply.

    Thanks!

  6. #6
    Active Member MindTwist's Avatar
    Join Date
    Jun 2007
    Location
    Barcelona, Spain
    Posts
    409
    Total Contributions For

    MindTwist     $ 0.00
    Rep Power
    15


    Default Re: osCMax Security Update - XSS flaw patched

    Forget my post, doing a file compare brought up the differences really quick

  7. #7
    jquach
    Guest


    Default Re: osCMax Security Update - XSS flaw patched

    Thanks for PMing about this security fix. Much appreciated.

  8. #8
    New Member
    Join Date
    Mar 2005
    Posts
    21
    Total Contributions For

    seaserver     $ 0.00
    Rep Power
    0


    Default Re: osCMax Security Update - XSS flaw patched

    I've created custom templates for all my stores and do not use the fallback template. Do I still need to apply the fix?

  9. #9
    osCMax Developer


    osCMax Security Update - XSS flaw patched

    michael_s's Avatar
    Join Date
    Jul 2002
    Location
    Phoenix, AZ
    Posts
    23,011
    Total Contributions For

    michael_s     $ 10.00
    Rep Power
    594


    Default Re: osCMax Security Update - XSS flaw patched

    @seaserver: yes, you need to replace the fallback template file and if you also created custom content template files that have a catalog_products_with_images.tpl.php template, you will have to replace each one with this new file. Remember that if you don't create a custom content template file in your custom template folder, your custom template will grab the content template from the fallback directory. That is why it is called fallback... the system falls back to the fallback template if it cannot find a custom content template.

    Here is a diff so you can see what was removed/added:
    r89 - oscmax2 - Google Code
    Michael Sasek

    osCmax 2.5.4 is now available via auto-installation using Softaculous!

    Stay Up To Date with everything osCMax:
    osCmax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation

  10. #10
    ecom
    Guest


    Default Re: osCMax Security Update - XSS flaw patched

    FTP upload the included file to the /catalog/templates/fallback/content/ directory, overwriting the existing file.

    im using the oscommerce-2.2rc2a ..didnt find template directory ..so ..
    where do i overwrite the file?

Page 1 of 3 123 LastLast

Similar Threads

  1. osCMax Security Update - Arbitrary Upload Exploit
    By michael_s in forum Announcement Discussions
    Replies: 16
    Last Post: 09-29-2008, 09:25 AM
  2. Cart Quantity Security Flaw Patch
    By michael_s in forum New osCommerce Contributions
    Replies: 0
    Last Post: 10-02-2007, 01:01 PM
  3. Cart Quantity Security Flaw Patch
    By michael_s in forum New osCommerce Contributions
    Replies: 0
    Last Post: 10-02-2007, 03:02 AM
  4. osCMax 2.0RC2 Security Patch/Update 051112
    By wilde-uk in forum osCmax v2 Installation issues
    Replies: 5
    Last Post: 04-12-2006, 07:45 PM
  5. osCMax 2.0RC2 Security Patch/Update 051112
    By michael_s in forum Announcements
    Replies: 0
    Last Post: 11-27-2005, 09:12 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •