Posted on a security forum here:
http://sla.ckers.org/forum/read.php?3,44,15626#msg-15626

XSS is here (warning, several alerts()):
http://store.mozilla.org/product.php?code=mz1303223%22%3E%3Cscript%3Ealert(1)%3C/script%3E&catid=&offset=0

It looks like they emailed customer service at the store but customer service didn't understand the question.
Mike, this needs to be fixed ASAP, please. John, can you please follow up with GatewayCDI to make sure this gets fixed and quickly?
Hi Mike. Like Reed said, we need to get this fixed as soon as possible. I'll check in with you tomorrow to see how things are coming. Once this is fixed, it would be best if you guys could do a site audit to make sure there aren't other things that could be exploited. Thanks, John
Assignee: jslater → mike.bommarito
Let us know if we can help somehow.
I have sanitized the data being passed and redirected on no product found. Thanks, Mike
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
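An added example, not part of the bug thread and not the store's actual code, of the kind of fix the comment above describes for a `code` parameter reflected into a quoted attribute: validate the value, encode it on output, and redirect when no product matches. The function names, the catalogue, the assumed code format and the place the value is reflected are all hypothetical.

```php
<?php
// Added example: hypothetical names throughout; not the store's code.

// Constructed catalogue standing in for the store's product lookup.
const CATALOGUE = ['mz1303223' => 'Sample product'];

// Allowlist for the `code` parameter: assumed format of letters and digits only.
function valid_product_code(string $code): bool
{
    return preg_match('/\A[a-z0-9]{1,32}\z/i', $code) === 1;
}

// "Before": the parameter is placed in a double-quoted attribute unencoded,
// so a value containing "> closes the attribute and the tag.
function render_unsafe(string $code): string
{
    return '<input type="hidden" name="code" value="' . $code . '">';
}

// "After": reject anything outside the allowlist or the catalogue (the caller
// redirects), and encode on output even though validation already passed.
function render_safe(string $code): ?string
{
    if (!valid_product_code($code) || !isset(CATALOGUE[$code])) {
        return null; // no such product
    }
    $attr = htmlspecialchars($code, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $name = htmlspecialchars(CATALOGUE[$code], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>' . $name . '</h1>'
         . '<input type="hidden" name="code" value="' . $attr . '">';
}

// Request handling for the product page.
$code = $_GET['code'] ?? '';
if (!is_string($code)) {
    $code = ''; // array-style parameters (code[]=...) are treated as missing
}
$html = render_safe($code);
if ($html === null) {
    header('Location: /', true, 302); // fixed target, never built from input
    exit;
}
echo $html;
```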
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.