OK, have now tried this on every version of ViArt from 2.4 to 3.6 ...
On product_details.php and products.php there are cross-site scripting issues where code can be arbitrarily injected.
We are running the latest version of PHP and a fully patched server.
Was wondering if anyone else has encountered this or better yet has a fix.
Submitted a trouble ticket to ViArt, but that apparently only generates a standard canned response vs. getting someone to really look at the issues here.
This vulnerability has also been reported elsewhere on the web - just google it. Any ideas for a fix anyone?
Ravs_ViArt_Team
14 Jan 2010 5:40 PM
Hi,
ViArt did have some injection vulnerabilities in earlier versions, but they have been resolved. I can also confirm that the 3.6 release is completely stable and doesn’t have any such vulnerability.
Can you please send a support ticket using the “Get Support” link on the header stating the issue in detail and also include any test results. Please also send your site login details so that we can investigate further on this issue.