John Cobb (Guest)
DESCRIPTION:
John Cobb has discovered two vulnerabilities in ViArt Shop Free,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
 
Input passed to the "forum_id" parameter in forum.php and the
"item_id" parameter in reviews.php isn't properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.
 
The vulnerabilities have been confirmed in version 2.5.5. Other
versions may also be affected.
 
SOLUTION:
Apply patch available from the vendor.
http://www.codetosell.com/downloads/xss_fix.zip
Last modified: 25 Jun 2006 11:26 AM
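
Added example, not part of the original post and not ViArt Shop source code: one defensive way to handle the two parameters named in the advisory, by accepting only a well-formed identifier and HTML-escaping anything written back into the page. It assumes "forum_id" and "item_id" are positive integer record IDs; the function names and the link markup are hypothetical.

```php
<?php
// Added illustration, not ViArt Shop code. Assumption: forum_id and item_id
// are positive integer record identifiers.

/** Return the parameter as a positive int, or null if absent or malformed. */
function read_id_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // missing, or an array such as ?forum_id[]=1
    }
    $id = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Escape a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a link that a page such as forum.php might echo (hypothetical markup). */
function render_forum_link(array $query): string
{
    $forumId = read_id_param($query, 'forum_id');
    if ($forumId === null) {
        return '<p>Unknown forum.</p>'; // the rejected value is never reflected
    }
    // Escaping an int is redundant but keeps the output rule uniform.
    return '<a href="forum.php?forum_id=' . h((string) $forumId) . '">Back to forum</a>';
}

// Constructed sample inputs: valid, markup appended, array-typed, missing.
$samples = [
    ['forum_id' => '12'],
    ['forum_id' => '12"><i>test</i>'],
    ['forum_id' => ['12']],
    [],
];
foreach ($samples as $query) {
    echo render_forum_link($query), PHP_EOL;
}
```

Only the first sample produces a link; the other three fall through to the fixed "Unknown forum." message, so no request-supplied text reaches the response.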
 
neosim
Thx John.