
Thread: osCMax Security Update - XSS flaw patched

  1. #11
    michael_s (osCMax Developer)

    Re: osCMax Security Update - XSS flaw patched

    This is for osCMax only, not osCommerce.

    If you have installed the mod Printable Catalog into your standard osCommerce shop, go to addons.oscommerce.com and download the v3.6 printable catalog mod and use it to update your site.

    If you have not installed Printable Catalog on your shop, this does not apply to you.


    Quote: Originally posted by ecom
    FTP upload the included file to the /catalog/templates/fallback/content/ directory, overwriting the existing file.

    I'm using the oscommerce-2.2rc2a .. didn't find template directory .. so ..
    where do I overwrite the file?

    Michael Sasek


  2. #12
    DreamOn2003
    Guest


    Re: osCMax Security Update - XSS flaw patched

    Thanks a lot for the patch, but thanks for using pm also

  3. #13
    jpf
    Guest


    Re: osCMax Security Update - XSS flaw patched

    Quote: Originally posted by ecom
    FTP upload the included file to the /catalog/templates/fallback/content/ directory, overwriting the existing file.

    I'm using the oscommerce-2.2rc2a .. didn't find template directory .. so ..
    where do I overwrite the file?

    This is an osCMax release! Not an osCommerce RC2 release; they don't have/use templates.

  4. #14
    Dranoel
    Guest


    Re: osCMax Security Update - XSS flaw patched

    Thanks for the security message--- file updated and works great!

  5. #15
    johnedgley
    Guest


    Re: osCMax Security Update - XSS flaw patched

    Many thanks for the pm and the speedy fix - much appreciated!

  6. #16
    chevelle
    Guest


    Re: osCMax Security Update - XSS flaw patched

    Hello Michael,

    Sorry about the post to your Profile Page - Didn't know I should post this in the forum.


    Trying to install the security fix dated Jan. 27, 2009.

    Cart version v2.2 RC2 installed via Cpanel.

    I don't see the path or file name via ftp.

    /catalog/templates/fallback/content/

    When viewing the cart I don't see a printable catalog link either.

    Thanks,
    Steve Boyd
    Tucson, Arizona

  7. #17
    mfleeson (Member)

    Re: osCMax Security Update - XSS flaw patched

    Hey Chevelle

    The fix is only for osCMax users. 2.2RC2 is an osCommerce release so doesn't have templates.

    Best Wishes

    Mark

  8. #18
    michael_s (osCMax Developer)

    Re: osCMax Security Update - XSS flaw patched

    Steve, like Mark said, osCommerce 2.2RC2a is not affected by this security problem unless you manually added the Printable Catalog (any version prior to v3.6 which is the patch we released) to your osCommerce store.

    If you are not using osCMax, and don't have printable catalog installed, you are safe from this one.
    Michael Sasek


  9. #19
    farhang_roosta
    Guest


    Re: osCMax Security Update - XSS flaw patched

    thanks thanks

  10. #20
    heatherk
    Guest


    Re: osCMax Security Update - XSS flaw patched

    If this isn't fixed on the site, would it allow someone to upload files to your site? We recently had a site compromised and we're trying to figure out how they got in.
