osCMax Security Update - XSS flaw patched

An XSS (cross-site scripting) security flaw has been found in the osCMax printable catalog module. The flaw affects all 2.0 versions, including RC3, RC3.0.1, RC3.0.2, and RC4 SVN.


It is strongly recommended that you immediately update your live store with the patched printable catalog module. The update replaces a single template file. Instructions and the download file are located here:



If you are using an SVN version of osCMax, the repository has been updated with this patch, and you should run 'svn update' to get the latest files.


As a result, osCMax 2.0 RC 3-0-3 has also been released. This is a full package for any new installs and can be downloaded here:

