Fortinet’s FortiGuard Labs has discovered a persistent XSS attack, recorded as CVE-2015-3619. This kind of attack can be executed with almost no interaction by the admin. In certain circumstances it was possible to use a double-encoded combination of first_name, last_name and company to create working JavaScript, which is activated when an admin hovers over the combined name of the order. Update your stores to VirtueMart 3.0.9.

Fixed Issues:

VirtueMart 3.0.9 is able to refuse storing dangerous values as well as escape the tooltips to prevent problems with old orders.
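The two defenses named above (refusing dangerous values and escaping the tooltip) can be sketched as follows. This is an added example, not VirtueMart's own code; the function names and the sample order are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, not VirtueMart's.
const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };

// Decode exactly one layer of HTML entities (small named subset plus numeric forms).
function decodeOnce(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (m, body) => {
    if (body[0] === "#") {
      const hex = body[1].toLowerCase() === "x";
      const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
      return code <= 0x10ffff ? String.fromCodePoint(code) : m;
    }
    const key = body.toLowerCase();
    return Object.prototype.hasOwnProperty.call(NAMED, key) ? NAMED[key] : m;
  });
}

// Decode until the value stops changing, so "&amp;lt;" is seen as "<".
// Values still changing after maxRounds are treated as hostile.
function canonicalize(s, maxRounds = 5) {
  let cur = String(s);
  for (let i = 0; i < maxRounds; i++) {
    const next = decodeOnce(cur);
    if (next === cur) return cur;
    cur = next;
  }
  throw new Error("too many encoding layers");
}

// Storage-side check: refuse a field whose canonical form contains markup.
function isSafeToStore(value) {
  try { return !/[<>]/.test(canonicalize(value)); }
  catch { return false; }
}

// Output-side fix for old orders: escape everything special in HTML attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Build the tooltip attribute from the combined order name.
function tooltipAttr(order) {
  const name = [order.first_name, order.last_name, order.company].join(" ");
  return 'title="' + escapeHtml(name) + '"';
}

// Constructed sample order with a harmless double-encoded <b> tag split across fields.
const oldOrder = { first_name: "&amp;lt;b&amp;gt;Ann", last_name: "O'Brien", company: "ACME&amp;lt;/b&amp;gt;" };
console.log(isSafeToStore(oldOrder.first_name), tooltipAttr(oldOrder));
```

A tooltip script that reads this attribute should insert the value as text rather than as HTML, so that one round of browser decoding does not turn it back into markup.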

vm2admin.js file fixed:

In addition, other fixes are already in vm3.0.8:

New Features in VM 3.0.9

  • New Ordering "ordering, name", which sorts for ordering if available, then for name.
  • If a product had more than one category and one was not published, it could happen that the selected category was the unpublished one. This is fixed.
  • Order item edit now uses the same function as the create/update function, which allows the same triggers to be used for manipulating how the data is stored.
  • "Give vendors switched in shoppers their rights", means a vendor switched into a shopper can still administrate the store.
  • Klarna: replaced serialize with json_encode
  • Added the option to add js files inline (sometimes easier with ajax)
  • Add to cart can now be stopped by another js using e.stopSendtocart == true
  • Added a test for the AIO to prevent a blank page due to installation without a proper VirtueMart core

 

DOWNLOAD VM3.0.9 NOW
VirtueMart 3 component (core and AIO)

 

We are updating all our VirtueMart Extensions as well as VirtueMart Joomla templates to be compatible with the latest VirtueMart version in order to bring you the best-performing products. Keep in touch with us to get the latest information immediately.

Thanks for reading and hope it helps!
