security bulletin - 3.3.0 up to 4.0.11
#11
Quote:
Yes, but: 1) In order to send mass mail to your customers one needs to know the e-mail addresses of your customers. 2) If your customers click just any link they receive, there is no need to create these complex hacking schemes. A hacker could just add a link to some site that exploits Internet Explorer vulnerabilities (or inject this code in an HTML e-mail) and thus simply install a trojan horse that would be able to steal any info from the customer, not just passwords for the store. And this will work with any web store.
#12
Quote:
May I suppose you didn't follow the recommendation to upgrade to 3.5.6 that we advised in the 'Security system upgrade for X-Cart' message (Help Desk, Apr 15 2004)? The script prepare.php that is included in this update pack takes into account the improvements to the security system we made for the 3.5.x branch. We can provide you with a separate prepare.php script that will suit 3.5.4; however, it will fix this CSS vulnerability but not the other, more serious security issues in your store. I highly recommend that you upgrade.
__________________
Vladimir Semyonov Lead Software Engineer
#13
but according to the patch - the prepare.php would be suitable for all 3.5.x versions.
__________________
ex x-cart guru
#14
**except 3.5.6**
gotta read the fine print.
#15
File <xcart_security_fix_3.3.0-4.0.11_20050127.tgz> is updated in the File area, please redownload it.
__________________
Vladimir Semyonov Lead Software Engineer
#16
Hmmm, am I missing something? Upgrade to 3.5.6? I didn't know I had to do that! What's the security vulnerability in 3.5.4 then? I assume it's different from the release #20041221 security bulletin - the only one I've ever had.
Thanks Dan
__________________
4.4.2 and 4.6.1
#17
Oh, I remember this...I did ask!
Quote:
__________________
4.4.2 and 4.6.1
#18
so the revision to the patch is what? to account for non 3.5.6 + users? or to repair the redirection error issue?
__________________
ex x-cart guru
#19
In the alert the condition is specified as "Using IE"
So is this an IE flaw that we are patching xcart for or per se does it also affect someone using Firefox?
__________________
No longer using Xcart, was good while it lasted.
#20
I applied the patch on 3.5.11 with no side effects.
__________________
X-Cart 5.3.x
X-Cart forums © 2001-2020