Cross site scripting zj silver

**linnx** · 18 Feb 2010, 03:14 PM

Trying to be PCI compliant and failing... There's about 10 of these that all seem to be advanced search related.

Any idea how I can fix?

Thanks

Path /shop/index.php
Query main_page=advanced_search_result
search_in_description=1
keyword=x
inc_subcat=0
>"><script>alert(123)</script><"=20a
alpha_filter_id=65
Headers Referer=http%3A%2F%2F2Fshop%2Findex.php%3Fmain_page%3Dadvanced_search_result%26s earch_in_description%3D1%26keyword%3Dx+%26+ls+-l+%26+dir+%26

**linnx** · 18 Feb 2010, 11:08 PM

Any ideas?

**kobra** · 19 Feb 2010, 11:01 AM

Please add more detail about your issue...
If a zjsilver issue as posted why is this in the ZenCart bug area?

**linnx** · 20 Feb 2010, 12:37 PM

I posted it in the zj silver thread. I get the errors for the search form. When the customer searches for products there is an issue with cross site scripting according to mcafee.

**DrByte** · 20 Feb 2010, 12:58 PM

Are you saying that the problem is isolated to just the zj-silver template? If so, then the discussion needs to happen in that template's support thread, and not in the general Zen Cart Bug Reports area.

Additionally, have you applied this fix? http://www.zen-cart.com/forum/showthread.php?t=130701

**linnx** · 20 Feb 2010, 10:21 PM

I applied that patch and I still fail the PCI. So I'm not sure if its ZJ Silver or not. But thanks for the recommendation. I did apply it.

Thread: Cross site scripting zj silver

Thread Tools

Search Thread

Display

Cross site scripting zj silver

Re: Cross site scripting zj silver

Re: Cross site scripting zj silver

Re: Cross site scripting zj silver

Re: Cross site scripting zj silver

Re: Cross site scripting zj silver

Similar Threads

[Done 1.3.7.1] Cross-Site Scripting in 1.3.7

[Done v1.3.6] Cross-Site Scripting Vulnerabilities in 1.3.5

Posting Permissions