PT-2014-90: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Reflected cross-site scripting in the account.php page allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How ...

PT-2014-92: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Reflected cross-site scripting in the func.php page allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to...

PT-2014-93: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Reflected cross-site scripting in the 2.php page allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to fix...

PT-2014-91: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Reflected cross-site scripting in the index.php page allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to...

PT-2014-89: Open Redirect in ShopOS

The specialists of the Positive Research center have detected an Open Redirect vulnerability in ShopOS. Open redirect in the redirector.php script allows remote attackers to control user redirection. This vulnerability can be exploited to conduct a series of attacks against users of the web...

PT-2014-86: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the 5.php script allows remote attackers to include files located on the attacked server and thus execute a PHP code. It may result in sensitive...

PT-2014-84: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the 2.php script allows remote attackers to include files located on the attacked server and thus execute a PHP code. It may result in sensitive...

PT-2014-83: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the 1.php script allows remote attackers to include files located on the attacked server and thus execute a PHP code. It may result in sensitive...

PT-2014-85: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the 3.php script allows remote attackers to include files located on the attacked server and thus execute a PHP code. It may result in sensitive...

PT-2014-80: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Cross-site scripting in the currencies.php script allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to fi...

PT-2014-87: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the index.php script allows remote attackers to include files located on the attacked server and thus execute a PHP code. It may result in sensiti...

PT-2014-79: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Cross-site scripting in the market.php script allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to fix No...