Squirrelcart suffers from an XSS issue caused by a failure to properly sanitize user-supplied input passed to the ‘table’ GET parameter of the ‘index.php’ script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.
Squirrelcart Security Patch #SC130218
Release date: 02/19/2013
XSS (Cross Site Scripting) vulnerability patch
Affected Squirrelcart versions: v2.0.0 – 3.5.4
How to find your version number:
You can find your Squirrelcart version in the upper right-hand corner of your control panel.
Patch Info and Instructions
This is a patch for protecting against an XSS (Cross Site Scripting) vulnerability that was discovered on 02/19/2013 by Zero Science Lab: http://www.zeroscience.mk/. This vulnerability is due to the table parameter passed in the control panel not being sanitized properly,
ZSL Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5128.php
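For sites that ran an affected version before patching, web server access logs can be reviewed for requests that carried markup in the `table` parameter. The following is an added example, not part of the vendor patch or the ZSL advisory. It assumes combined-format access logs and that legitimate `table` values are plain identifiers; the `/store/` path, the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate `table` values are plain identifiers.
SAFE_TABLE = re.compile(r"[A-Za-z0-9_]{1,64}")
# Assumption: combined-format access log; capture the request target.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_table_values(log_line):
    """Return decoded `table` values in one log line that are not plain identifiers."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return []
    hits = []
    for value in parse_qs(url.query, keep_blank_values=True).get("table", []):
        # parse_qs decodes once; decode a second time so double-encoded
        # markup is reported readably. Any leftover '%' still fails the match.
        decoded = unquote(value)
        if not SAFE_TABLE.fullmatch(decoded):
            hits.append(decoded)
    return hits

def scan(lines):
    """Map 1-based line number -> offending values, for lines that have any."""
    findings = {}
    for n, line in enumerate(lines, 1):
        values = suspicious_table_values(line)
        if values:
            findings[n] = values
    return findings

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Feb/2013:10:01:02 +0000] "GET /store/index.php?table=Products HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Feb/2013:10:02:10 +0000] "GET /store/index.php?table=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [20/Feb/2013:10:02:40 +0000] "GET /store/index.php?table=%2522%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5190',
    '198.51.100.7 - - [20/Feb/2013:10:03:00 +0000] "GET /store/other.php?table=%3Cb%3E HTTP/1.1" 404 310',
]

if __name__ == "__main__":
    for n, values in scan(SAMPLE_LOG).items():
        print(f"line {n}: {values}")
```

A hit shows only that such a request was received; whether it was reflected to a logged-in control panel user has to be established from the surrounding session activity.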