Ecommerce software home
Shopping Cart Software Forum for Ecommerce Templates
 
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

Find us on Facebook Follow us on Twitter View our YouTube channel
Search our site
Author « Topic »  

Fingertech
Advanced Member

Canada
317 Posts

Posted - 06/17/2021 :  17:45:57  
I received an email from openbugnounty.org saying someone had found a vulnerability on the store template.
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79

Problem:
https://www.fingertechrobotics.com/proddetail.php?prod= > < svg/onload=alert 2 >
brings up an unintended alert.

Is there something that needs to be done about this?
Thanks in advance.

Vince
Administrator

42425 Posts

Posted - 06/18/2021 :  00:51:56  
Hi Fingertech
This looks like it is your "canonical" and "og:url" tags that are to blame, and I think looking at this post should resolve the issue...
https://www.ecommercetemplates.com/support/topic.asp?TOPIC_ID=104554

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Fingertech
Advanced Member

Canada
317 Posts

Posted - 06/18/2021 :  10:35:42  
Excellent thank you. I wasn't aware of the "CRITICAL UPDATE Tuesday 15th December 2020" and have now updated it.
  « Topic »  
Jump To:
Shopping Cart Software Forum for Ecommerce Templates © 2002-2022 ecommercetemplates.com
This page was generated in 0.03 seconds. Snitz Forums 2000