|
|||||||
| Zen Cart Release Announcements Watch this forum for new releases and other important announcements. Click here to subscribe to these announcements. |
 |
|
|
Thread Tools | Display Modes |
2nd October 2006, 02:31 AM
|
#1 |
|
Oji-san
Join Date: Jun 2003
Location: Newcastle UK
Posts: 2,527
|
v1.3.5 Security Alert
We were informed recently of an XSS exploit in Zen Cart code.
I would like to thank Armorize technologies for responding so quickly to clarify the details of the exploit, especially Wayne Huang and Benson Wu of Armorize Technologies, You can read more about the exploit and how to patch the files that are vulnerable at http://www.zen-cart.com/forum/showth...700#post270700 |
|
|
2nd October 2006, 06:51 AM
|
#2 |
|
Sensei
Join Date: Jan 2004
Location: Ontario, Canada
Posts: 39,868
|
Re: v1.3.5 Security Alert
Zen Cart v1.3.5 XSS PATCH Released Oct 1, 2006
================================================= To combat a reported XSS exploit vulnerability in Zen Cart, simply download the files from the patch ZIP and copy the enclosed /admin files for login.php and password_forgotten.php to your admin folder. Remember, if you have renamed your admin folder, you will have to use *that* folder name when copying/uploading. File can be downloaded here: http://sourceforge.net/project/showf...ease_id=444622 These fixes are NOT included in the main "full-fileset" zip. Please apply these fixes AFTER unzipping the main full-fileset zip contents. Alternatively, you may wish to apply the edits manually: http://www.zen-cart.com/forum/showthread.php?t=47526
__________________
Zen Cart - putting the dream of business ownership within reach of anyone! |
|
|
|
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 03:52 PM.
Learn tips, tricks & secrets for your Zen Cart™
Sign up for our FREE Newsletter
Sign up for our FREE Newsletter