We were informed recently of an XSS exploit in Zen Cart code.
I would like to thank Armorize technologies for responding so quickly to clarify the details of the exploit, especially Wayne Huang and Benson Wu of Armorize Technologies,
You can read more about the exploit and how to patch the files that are vulnerable at
http://www.zen-cart.com/forum/showth...700#post270700
Bookmarks