Jquery Dom Methods Cross-Site Scripting Vulnerability

Hi bros and sis, just doing a PCI Scan and have got as below

This version of jQuery is susceptible to cross-site scripting when passing HTML from untrusted sources even after sanitizing it to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others).

Upgrade jQuery to version 3.5.0 or higher.

PCI Status Fail

Any idea how to sort it out please?

Regards Marian
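The finding above is about jQuery's DOM manipulation methods on builds older than 3.5.0. The following is an added example, not code from the thread or from CS-Cart: a small version check that tells you whether a loaded jQuery is below 3.5.0, the interim hardening jQuery's 3.5.0 release notes describe for sites that cannot upgrade immediately (setting `jQuery.htmlPrefilter` to the identity function, which is what 3.5.0 ships by default), and an escaping helper for untrusted text. The mock jQuery object, the `legacyHtmlPrefilter` re-implementation of the pre-3.5.0 self-closing-tag rewrite, and the function names are assumptions so the example runs offline without jQuery.

```javascript
// Added example (not from the forum thread or CS-Cart): version check,
// interim hardening and safe text handling for the jQuery < 3.5.0 finding.

// Parse "3.4.1" -> [3, 4, 1]; missing or non-numeric parts are treated as 0.
function parseVersion(v) {
  return String(v).trim().split('.').slice(0, 3)
    .map(p => parseInt(p, 10) || 0)
    .concat([0, 0, 0]).slice(0, 3);
}

// True when the loaded jQuery is older than 3.5.0, i.e. the scanner
// finding applies and the fix is to upgrade.
function needsUpgrade(version) {
  const [major, minor, patch] = parseVersion(version);
  const [fMajor, fMinor, fPatch] = [3, 5, 0];
  if (major !== fMajor) return major < fMajor;
  if (minor !== fMinor) return minor < fMinor;
  return patch < fPatch;
}

// Behaviour of jQuery.htmlPrefilter before 3.5.0: self-closing tags such
// as "<b/>" were rewritten to "<b></b>" before the string reached the DOM.
// This regex mirrors that rewrite so the example runs without jQuery
// (assumption: a faithful enough stand-in for the legacy code path).
const rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;
function legacyHtmlPrefilter(html) {
  return html.replace(rxhtmlTag, '<$1></$2>');
}

// Mock of the global jQuery object with only the fields this example uses.
function makeMockJquery(version) {
  return { fn: { jquery: version }, htmlPrefilter: legacyHtmlPrefilter };
}

// Interim hardening for a jQuery you cannot replace yet: make htmlPrefilter
// the identity function, which is jQuery 3.5.0's default behaviour.
// Returns true if the override was applied (i.e. the build was < 3.5.0).
function hardenLegacyJquery(jq) {
  if (!jq || !jq.fn || !needsUpgrade(jq.fn.jquery)) return false;
  jq.htmlPrefilter = function (html) { return html; };
  return true;
}

// Safer pattern for untrusted input regardless of version: escape it and
// treat it as text instead of handing a markup string to .html()/.append().
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Walk through the check and the hardening on a mock 3.4.1 build.
function demo() {
  const jq = makeMockJquery('3.4.1');
  const before = jq.htmlPrefilter('<b/>');   // legacy rewrite: "<b></b>"
  const applied = hardenLegacyJquery(jq);    // true, build is below 3.5.0
  const after = jq.htmlPrefilter('<b/>');    // identity: "<b/>"
  return { before, applied, after };
}

console.log(demo(), needsUpgrade('3.5.0'));
```

The override is a stopgap only; the PCI finding clears by upgrading to 3.5.0 or later, and any code that passes user-controlled strings to `.html()`, `.append()` and similar methods should be reviewed to use `.text()` or escaped output instead.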

Best course of action is to move away from payment methods that store (or process) credit card info locally on your server. If you move to something like Square (or many other modern payment processors) you can drop PCI certifications and save yourself a whole lot of time and money. We have a Square payment addon called Squarepay. You can review it here: https://ez-ms.com/squarepay.html

This will be fixed in a future CS-Cart version. They are already aware and have implemented a patch.

Thanks EZ, but if you want to take a payment over the phone you must be PCI compliant.

So now CS-Cart is not PCI compliant at all :-( It is sad, very sad.

Regards

Not if you are entering the cc data into an iframe (on the payment provider's site) versus an input field. No cc data is ever on your site (unless of course you write it down, which would be bad practice in any environment).

What about the guys from CS-Cart? Are they hiding? :-) or sleeping :-) or do they want me to ask about $$$ support :-) ridiculous :-) nobody cares :-)

Forget the cs-team they never care about customer reviews

So :-) someone has fixed it for us :-) it was my IT genius :-) I am going to run another PCI test and will inform you :-)

Regards Marian