Full Disclosure

Inchoo Facebook Connect Extension for Magento Parameter XSS

Leave a comment

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/inchoo-facebook-connect-extension-for-magento-parameter-xss.html

Date:
04-Apr-2017

Product:
Inchoo Facebook Connect (Magento Plugin)

Vulnerability:
Reflected cross-site scripting.

Details:
Within ./app/code/community/Inchoo/Facebook/Block/Channel.php

return ‘<script src=”‘.($this->isSecure() ? ‘https://&apos; :
http://&apos

Leave a Reply