08/05/2009 09:27
A new vulnerability has been detected in X-Cart Gold software that can have a major impact on your site:
SEVERITY
Moderate
IMPACT
Malicious users may inject active content (for instance, JavaScript) into the application to fool users and gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user.
AFFECTED VERSIONS
All X-Cart versions
To view the details of the patch, please log into the X-Cart Forums and/or check the Members Area with X-Cart Gold. If you do not wish to apply the patch yourself, http://www.NetVisionWeb.com offers patch and programming services specifically for X-Cart users (they even have maintenance plans). You might want to contact them to apply the patch for you if you do not feel comfortable applying it yourself.
All questions regarding this exploit should be directed to X-Cart or NetVisionWeb for further disclosure.
Hands-on Web Hosting