--- In shopzone@yahoogroups.com, "psrubin" <prubin1@...> wrote:
>
> Hi Steve and thanks for starting this group. I've recently become aware
> that shopzone is susceptible to Cross Site Scripting. For example, try
> this link:
>
> http://www.kci2.com/st_main.html?Submit=abc123&catid="><script>alert(document.cookie)</script>
>
> I've tried contacting automatedshops.com, however they seem to be in
> some kind of transition, and not too keen on updating the webc code.
> Does anyone have any ideas to filter the input/output to prevent this
> possibility?
>
Thanks for pointing that out. It doesn't look like anything that
I'll try to fix! Your comments about the level of support for SZ from
Automated Shops reinforce what I have experienced. Take a look at
this link:
http://www.moonslice.com/support/ShopZone/
That makes me a little nervous!
Steve P.
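
An added example, not part of the original thread and not ShopZone or WebC code: one way to filter the catid parameter on input and encode it on output, shown beside the unfiltered reflection. It assumes the value is echoed inside a quoted HTML attribute (which the `">` in the link suggests) and that category IDs are short alphanumeric tokens; the template, the ID pattern and the shop.example host are hypothetical.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: category IDs are short alphanumeric tokens; adjust to the real catalogue.
CATID_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Hypothetical template fragment: the reflected value lands inside a quoted attribute.
TEMPLATE = '<input type="hidden" name="catid" value="{catid}">'


def get_catid(url):
    """Extract the raw catid query parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("catid", [""])[0]


def render_vulnerable(catid):
    """Reflects the parameter verbatim: a '">' closes the attribute and the tag."""
    return TEMPLATE.format(catid=catid)


def validate_catid(catid):
    """Input filter: accept only values matching the allowlist, else None."""
    return catid if CATID_RE.fullmatch(catid) else None


def render_hardened(catid):
    """Output filter: encode &, <, >, " and ' before the value enters the attribute."""
    return TEMPLATE.format(catid=html.escape(catid, quote=True))


def handle(url):
    """Apply both layers: reject bad input, encode whatever is emitted."""
    catid = validate_catid(get_catid(url))
    if catid is None:
        return 400, "Invalid category"
    return 200, render_hardened(catid)


# Constructed sample requests; the second mirrors the shape of the link in the post.
GOOD = "http://shop.example/st_main.html?Submit=abc123&catid=shoes-01"
BAD = ('http://shop.example/st_main.html?Submit=abc123'
       '&catid="><script>alert(document.cookie)</script>')

if __name__ == "__main__":
    print(render_vulnerable(get_catid(BAD)))   # markup breaks out of the attribute
    print(render_hardened(get_catid(BAD)))     # same input, rendered inert
    print(handle(GOOD), handle(BAD))
```

Output encoding is the layer that actually neutralises the reflection; the allowlist is a second check that also keeps malformed IDs away from the rest of the application.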