• Security Release VirtueMart 3.8.6 Closing an XSS Vulnerability

    A new XSS was found by 4N_CURZE (https://www.openbugbounty.org/researchers/4N_CURZE/). It took a while to reproduce because it was caused by the manufacturer dropdown, which is not always activated. The problem itself was easy to fix: although the value was whitelisted everywhere else, the whitelisting was missing for the manufacturer drop-down list. Since the previous release, some features have been added. The long-desired multicart system has been implemented. Multicart means for a multi-vendor shop, that there is...


Component Type: VirtueMart Core. The affected files are part of the standard VirtueMart Distribution.

Affected Versions:
VirtueMart Version 1.1.4 and all versions below.

Vulnerability Type: SQL Injection.

Severity: HIGH.

Problem Description:
It's possible for an attacker with administrator permissions to manipulate or gain information from the database with a specially crafted URL.

Solution: A patch is available that contains new versions of the affected files: SecurityFix_vm114_012910.zip.

General advice:

Follow the recommendations from the Joomla! Administrator's Security Checklist and the Security & Performance FAQ for Joomla!. This way you get basic security for your Store.
Keep an eye on the VirtueMart Security Bulletins.
