VirtueMart 3.2.6 has been released to address a minor XSS vulnerability present in previous versions as well as improve the infrastructure. It occurred when the features feeds and search were used together. It happened only for feed enabled, so administrators can close the leak by disabling the feed functions.
The vulnerability has been addressed by using getCurrentUrlBy function, which works with a whitelist for variable names and it urlencodes any value.
DOWNLOAD VM3 NOWVirtueMart 3 component (core and AIO)
VirtueMart 3.2.6 Improvements
Important patch to prevent memory leak when switching languages.
usermodel, extra check if the already loaded user has...
Subscribe to this list via RSS
Blog posts tagged in virtuemart 3.2.6
VirtueMart 3.2.6 has been released to address a minor XSS vulnerability present in previous versions as well as improve the infrastructure. It occurred when the features feeds and search were used together. It happened only for feed enabled, so administrators can close the leak by disabling the feed functions.
The vulnerability has been addressed by using getCurrentUrlBy function, which works with a whitelist for variable names and it urlencodes any value.
DOWNLOAD VM3 NOWVirtueMart 3 component (core and AIO)
VirtueMart 3.2.6 Improvements
Important patch to prevent memory leak when switching languages.
usermodel, extra check if the already loaded user has...