Installation of X-Cart security patch 2015-04-28
AFFECTED VERSIONS:
All X-Cart versions from 4.0.19 through 4.7.1
SEVERITY:
High
IMPACT:
• XSS vulnerability on the order search page (4.7.0 and 4.7.1 only);
• XSS vulnerability on the registration page (versions 4.7.1 and earlier);
• XSS vulnerability for the Customer_Reviews/Advanced_Customer_Reviews modules (versions 4.7.1 and earlier);
• XSS Smarty vulnerability (versions 4.6.1 and earlier);
• XSS vulnerability for the Product_Configurator (Product Wizard) module (versions 4.6.1 and earlier);
• Possible SQL injection on the cart page (versions 4.7.1 and earlier);
• An attacker can, in some cases, gain full access to the store's Admin back end on Platinum/Pro editions (versions 4.6.4 and earlier);
• X-Cart Protected Mode does not work in some cases (versions 4.6.4 and earlier).