XSS Hole found in Opencart v.1.5.x - up to v.1.5.6.5_rc
Translation:
To check on the address:
http://demo.myopencart.ru/index.php?rou ... t/cart/add
send a POST request with data:
product_id=47%253Csvg%2520onload%253Dprompt(1234)%253E&quantity=1
FIX:
https://github.com/ocStore/ocStore/comm ... b0c0b6feef
I tested it in my OC v.1.5.6.5_rc, and the FIX seems to work.
Ernie
hitline.info/shop/
My Github OC Site: https://github.com/IP-CAM
5'600 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
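
Added example, not part of the original post and not the code from the linked ocStore commit: one way to reject this kind of input on the server. PHP decodes the POST body once, so the double-encoded product_id still carries percent escapes that a later decode could turn into markup; treating the field as a positive integer and nothing else refuses it outright. The function names parse_positive_int and validate_cart_add are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example: strict validation for the cart/add POST fields.
// Function names are hypothetical; this is not OpenCart or ocStore code.

/**
 * Return the value as a positive int, or null if it is anything else.
 */
function parse_positive_int($raw): ?int
{
    // Arrays (product_id[]=...) and missing fields are rejected here.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    // FILTER_VALIDATE_INT accepts only a well-formed integer, so any
    // leftover percent escapes or markup characters fail validation.
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

function validate_cart_add(array $post): array
{
    $product_id = parse_positive_int($post['product_id'] ?? null);
    $quantity   = parse_positive_int($post['quantity'] ?? '1');

    if ($product_id === null || $quantity === null) {
        return ['ok' => false, 'error' => 'invalid product_id or quantity'];
    }
    // Only typed integers leave this function, so nothing from the request
    // can reach a URL, JSON response or template as raw text.
    return ['ok' => true, 'product_id' => $product_id, 'quantity' => $quantity];
}

// Constructed sample requests. The second is the value from the post as it
// looks after PHP's single automatic URL-decode of the request body.
$samples = [
    ['product_id' => '47', 'quantity' => '1'],
    ['product_id' => '47%3Csvg%20onload%3Dprompt(1234)%3E', 'quantity' => '1'],
    ['product_id' => ['47'], 'quantity' => '1'],
];

foreach ($samples as $post) {
    echo json_encode(validate_cart_add($post)), "\n";
}
```

Only the first sample is accepted; the other two return the error result.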