
Magento Forum

   
Cross-site Scripting Vulnerability
 
zoooj
Member
 
Total Posts:  34
Joined:  2008-10-13
London, United Kingdom
 

I was looking for something completely different and came across this: http://xforce.iss.net/xforce/xfdb/48876. I guess it means someone is hijacking the session of a user. I’m not an expert in this area but I’m sure others on the forum are. The question is: how can it be fixed?

 
 
J.T.
Moderator
 
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

Interesting find. The repercussions aren’t too great but it would have been nice if Varien had launched a temp fix within a day, not leaving this open and unanswered for 4 days.

 Signature 

It takes two to tango, so don’t blame Magento right away if things go tits-up!

Mage Quick FAQ
Q. Installation problems with localhost/xamp/wamp/whatever and/or missing php extensions, help!
A. Get Zend Server - Community Edition is free and will make things a lot easier on you now and when deploying to production

 