msasek
Posted January 27, 2009

Just an update for anyone using any version of this mod (3.5 or older): it has a serious XSS security flaw. It was not properly sanitizing input, and allowed XSS attacks. I have updated the package to correctly sanitize input to no longer allow XSS attacks.

Get v3.6 and update your shop immediately. All you have to do is replace the catalog_products_with_images.php file with the fixed version. That will close the hole.

Download it here: http://addons.oscommerce.com/info/1410