AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
January 08, 2009, 10:05:43 PM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 5356 Members
Latest Member: Gagabaksik
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: MIVA Merchant "merchant.mvc" Cross Site Scripting Vulnerability 0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: MIVA Merchant "merchant.mvc" Cross Site Scripting Vulnerability  (Read 794 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
MIVA Merchant "merchant.mvc" Cross Site Scripting Vulnerability
« on: September 17, 2005, 10:29:25 AM »
* Technical Description *

A vulnerability has been identified in MIVA Merchant, which may be exploited by attackers to inject malicious HTML code. This flaw is due to an input validation error in "merchant.mvc" when processing a specially crafted "Customer_Login" parameter, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.

 * Affected Products *

MIVA Merchant version 5 and prior

 * Solution *

Apply patch core-4 :
http://smallbusiness.miva.com/products/merchant/

 * References *

http://www.frsirt.com/english/advisories/2005/1758
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: MIVA Merchant "merchant.mvc" Cross Site Scripting Vulnerability « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!