osCMax Security Update - XSS flaw patched

**michael_s** · 01-27-2009, 08:31 PM

This is for osCMax only, not osCommerce.

If you have installed the mod Printable Catalog into your standard osCommerce shop, go to addons.oscommerce.com and download the v3.6 printable catalog mod and use it to update your site.

If you have not installed Printable Catalog on your shop, this does not apply to you.

Originally Posted by ecom

FTP upload the included file to the /catalog/templates/fallback/content/ directory, overwriting the existing file.

im using the oscommerce-2.2rc2a ..didnt find template directory ..so ..
where do i overwrite the file?

DreamOn2003 · 01-27-2009, 11:41 PM

Thanks a lot for the patch, but thanks for using pm also

jpf · 01-28-2009, 12:27 AM

Originally Posted by ecom

FTP upload the included file to the /catalog/templates/fallback/content/ directory, overwriting the existing file.

im using the oscommerce-2.2rc2a ..didnt find template directory ..so ..
where do i overwrite the file?

This is a osCMax release! Not a osCommerce RC2 release -----they don't have/use templates.

Dranoel · 01-28-2009, 07:22 AM

Thanks for the security message--- file updated and works great!

johnedgley · 01-30-2009, 03:16 AM

Many thanks for the pm and the speedy fix - much appreciated!

chevelle · 02-02-2009, 08:59 AM

Hello Michael,

Sorry about the post to your Profile Page - Didn't know I should post this in the forum.

Trying to install the security fix dated Jan. 27, 2009.

Cart version v2.2 RC2 installed via Cpanel.

I don't see the path or file name via ftp.

/catalog/templates/fallback/content/

When viewing the cart I don't see a printable catalog link either.

Thanks,
Steve Boyd
Tucson, Arizona

**mfleeson** · 02-02-2009, 09:32 AM

Hey Chevelle

The fix is only for oscmax users. 2.2RC2 is an oscommerce release so doesnt have templates.

Best Wishes

Mark

**michael_s** · 02-02-2009, 10:04 AM

Steve, like Mark said, osCommerce 2.2RC2a is not affected by this security problem unless you manually added the Printable Catalog (any version prior to v3.6 which is the patch we released) to your osCommerce store.

If you are not using osCMax, and don't have printable catalog installed, you are safe from this one.

farhang_roosta · 02-06-2009, 01:58 PM

thanks thanks

heatherk · 03-31-2009, 12:42 PM

if this isn't fixed on the site, would it allow someone to upload files to your site - we recently had a site compromised and we're trying to figure out how they got in.

Thread: osCMax Security Update - XSS flaw patched

Thread Tools

Re: osCMax Security Update - XSS flaw patched

Re: osCMax Security Update - XSS flaw patched

Re: osCMax Security Update - XSS flaw patched

Re: osCMax Security Update - XSS flaw patched

Re: osCMax Security Update - XSS flaw patched

Re: osCMax Security Update - XSS flaw patched

Re: osCMax Security Update - XSS flaw patched

Re: osCMax Security Update - XSS flaw patched

Re: osCMax Security Update - XSS flaw patched

Re: osCMax Security Update - XSS flaw patched

Similar Threads

osCMax Security Update - Arbitrary Upload Exploit

Cart Quantity Security Flaw Patch

Cart Quantity Security Flaw Patch

osCMax 2.0RC2 Security Patch/Update 051112

osCMax 2.0RC2 Security Patch/Update 051112

Bookmarks

Bookmarks

Posting Permissions