11/27/15 Zen Cart Security Patch


    


1. Problem with /ajax.php in v1.5.4 only - Severity: High
In Zen Cart v1.5.4 the /ajax.php file has a vulnerability that can be used to exploit the server under very specific conditions.
Requires replacing the ajax.php file with a new one.

Below are some additional lower-severity patches affecting prior versions, which should be reviewed carefully for your site, to merge with existing customizations you may have made:

2. XSS problem for unsanitized comment field - Severity: Medium
In Zen Cart versions up to and including v1.5.4, an XSS problem exists in the order-comments field.
An XSS problem lets someone inject executable JavaScript code into stored content, which can cause problems later when that content is output back to the screen.
Requires patching /includes/modules/pages/checkout_confirmation/header_php.php.

3. Failed customer login puts password back in input box - Severity: Low
When a login is attempted with an invalid password, the resulting response contains that invalid password.
Requires patching the /includes/functions/html_output.php file.
 

