The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OS Commerce Exploit - What version in CP 6?

Discussion in 'General Discussion' started by sitehostz, Mar 28, 2003.

  1. sitehostz

    sitehostz Well-Known Member

    Joined:
    Nov 30, 2002
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Delaware
    osCommerce is a widely installed open source shopping e-commerce solution. Some XSS (cross-site scripting) problems exist in versions of osCommerce prior to 3/14/2003 that allows an attacker to inject arbitrary HTML code into a web page.
    An attacker could guide the victim to a specially crafted URL that, when followed, would send the cookie to the attacker.
    With the cookie of a user, an attacker would be able to hijack his account.

    Has Cpanel updated this and has a fix been included?

    Regards,
    Chris Bunting
     
Loading...

Share This Page