Shopping Cart Software Forum for Ecommerce Templates
 

Fingertech
Advanced Member

Canada
318 Posts


Posted - 06/17/2021 :  17:45:57  
I received an email from openbugbounty.org saying someone had found a vulnerability on the store template.
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79

Problem:
https://www.fingertechrobotics.com/proddetail.php?prod="><svg/onload=alert(2)>
brings up an unintended alert.

Is there something that needs to be done about this?
Thanks in advance.

Vince
Administrator

42756 Posts

Posted - 06/18/2021 :  00:51:56  
Hi Fingertech
This looks like it is your "canonical" and "og:url" tags that are to blame, and I think looking at this post should resolve the issue...
https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=104554

Vince


Fingertech
Advanced Member

Canada
318 Posts


Posted - 06/18/2021 :  10:35:42  
Excellent, thank you. I wasn't aware of the "CRITICAL UPDATE Tuesday 15th December 2020" and have now updated it.
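
Vince's reply above attributes the alert to the "canonical" and "og:url" tags. The following added example (hypothetical PHP, not the Ecommerce Templates code and not the fix from the linked topic) shows how a head tag built from the current URL reflects the reported payload, next to a version that rebuilds the URL from validated parts and encodes it for the attribute context. The host `shop.example`, the constructed URL value and both function names are assumptions.

```php
<?php
// Added example: hypothetical template code, not the Ecommerce Templates source.

// Constructed input with the same shape as the URL reported in the thread.
// It stands in for however a template obtains the "current URL".
$currentUri = '/proddetail.php?prod="><svg/onload=alert(2)>';

// Weak pattern: the URL is copied into an HTML attribute without encoding,
// so a double quote in it closes the attribute and the rest becomes markup.
function head_tags_unsafe(string $host, string $uri): string
{
    $url = 'https://' . $host . $uri;
    return '<link rel="canonical" href="' . $url . '">' . "\n"
         . '<meta property="og:url" content="' . $url . '">' . "\n";
}

// Hardened pattern:
//  1. the host comes from configuration, not from the request;
//  2. only the path and the one expected parameter are kept;
//  3. the parameter is percent-encoded for the URL;
//  4. the finished URL is HTML-encoded for the attribute it is written into.
function head_tags_safe(string $configuredHost, string $uri): string
{
    $path = parse_url($uri, PHP_URL_PATH) ?: '/';
    parse_str((string) parse_url($uri, PHP_URL_QUERY), $query);
    $prod = (isset($query['prod']) && is_string($query['prod'])) ? $query['prod'] : '';

    $url = 'https://' . $configuredHost . $path;
    if ($prod !== '') {
        $url .= '?prod=' . rawurlencode($prod);
    }

    $attr = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<link rel="canonical" href="' . $attr . '">' . "\n"
         . '<meta property="og:url" content="' . $attr . '">' . "\n";
}

// Print both variants for comparison. The script runs as text/plain from the
// CLI; served as HTML, the unsafe output would be parsed as live markup.
echo "--- unsafe ---\n", head_tags_unsafe('shop.example', $currentUri);
echo "--- safe ---\n",   head_tags_safe('shop.example', $currentUri);
```

Step 4 is the one that matters for this report: even if the URL is assembled differently, encoding it with `htmlspecialchars` and `ENT_QUOTES` at the point of output keeps a quote in the request from ending the attribute.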