Magento Forum

   
Cross-site Scripting Vulnerability
 
zoooj
Member
 
Total Posts:  34
Joined:  2008-10-13
London, United Kingdom
 

I was looking for something completely different and came across this: http://xforce.iss.net/xforce/xfdb/48876. I guess it means someone is hijacking the session of a user. I’m not an expert in this area but I’m sure others on the forum are. The question is: how can it be fixed?

 
 
J_T_
Moderator
 
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

Interesting find. The repercussions aren’t too great but it would have been nice if Varien had launched a temp fix within a day, not leaving this open and unanswered for 4 days.

 