Magento Forum

Cross-site Scripting Vulnerability
 
zoooj
Member
 
Total Posts:  34
Joined:  2008-10-13
London, United Kingdom
 

I was looking for something completely different and came across this: http://xforce.iss.net/xforce/xfdb/48876. I guess it means someone is hijacking the session of a user. I’m not an expert in this area but I’m sure others on the forum are. The question is: how can it be fixed?

 
 
J_T_
Moderator
 
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

Interesting find. The repercussions aren’t too great but it would have been nice if Varien had launched a temp fix within a day, not leaving this open and unanswered for 4 days.

 