2.0.5 has an XSS vulnerability that I’m not going to publicly disclose here. I have already notified CS-Cart, but I don’t know how long it will take them to fix it.
Does anyone know how to run the PHP function htmlspecialchars() against a Smarty variable? Or, does CS-Cart 2.0 have a built-in function to cleanse Smarty variables?
My qualified scanning authority (QSA) found the vulnerability last night after I launched my first 2.0 store. I have not disclosed this vulnerability to anyone except CS-Cart support.
I found a simple fix and sent it to CS-Cart Support. Hopefully, they’ll release it in a minor update next week.
… 2.0.6 was released a few days ago…
[quote name='JesseLeeStringer']… 2.0.6 was released a few days ago…[/quote]
Does this mean - Noman’s store is safe?
I have 2.0.6. Thanks Jesse
[quote name=‘Noman’]Does this mean - Noman’s store is safe?
I have 2.0.6. Thanks Jesse[/quote]
It’s the first I’ve heard about it…
Any updates from anyone using v2.0.6? Getting ready to launch so I need to be sure all is good to go.