|
Virtual Programming VP-ASP Shopping Cart Shop$DB.ASP Cross-Site Scripting Vulnerability
Solution: The vendor has recommended the following fix. Edit file shop$db.asp. Add the line 'rc=instr(lmsg, "=")' to the location that it appears in the following code segment: Locate these lines Sub CleanseMessage (msg, rc) dim lmsg, pos lmsg=lcase(msg) pos=instr(lmsg, "<script>") If pos> 0 then rc=4 else rc=0 rc=instr(lmsg, "=") end if end sub Further information regarding this fix can be found at the following location: http://www.vpasp.com/virtprog/info/faq_securityfixes.htm |
|
|
Privacy Statement |
