Script tag in "sidenav.php" is causing Cross Site Scripting issue

[pstucker]

In the file “\app\design\frontend\sns_riveshop\default\template\sns\blocks\sidenav.php”, there is a script tag, which changes an icon in the template.

If someone attempts to attack the site with a php inserted script. for example,

www.site.com?<script>alert%28%27TK00000101%27%29<script>

An artifact of the sidenav.php script appears at the bottom of layered navigation.

[Author]

Posts