Forum Forum Magento Theme SNS Riveshop – Magento Theme Script tag in "sidenav.php" is causing Cross Site Scripting issue

  • Author
  • #15135


    In the file “\app\design\frontend\sns_riveshop\default\template\sns\blocks\sidenav.php”, there is a script tag, which changes an icon in the template.

    If someone attempts to attack the site with a php inserted script. for example,<script>alert%28%27TK00000101%27%29<script>

    An artifact of the sidenav.php script appears at the bottom of layered navigation.

You must be logged in to reply to this topic. Click here to login or register