[VIM] Vendor ACK for Quick.cart XSS (CAN-2005-1587)
Steven M. Christey
coley at mitre.org
Thu Jul 7 14:30:52 EDT 2005
While wandering the Quick.Cart site looking for a way to download
without registering, just to try to figure out what lostmon got when
he claimed the SQL injection vuln, I ran across this:
http://opensolution.org/forum/?p=readTopic&nr=948
Quick.Cart v0.3.1 beta - please test it
2005-07-06 18:30:30
Changes:
...
security changes:
-- sWord variable used to find products is now parsed by htmlspecialchars( ) function
-- checking order status in order print window
- Steve