
Cross Site Scripting issue?


    #31
    For those interested, I have raised this problem with Actinic and they assure me they are looking into it.

    I have managed a range of interesting 'tricks' with this XSS malarkey. Previously working as a security analyst, I can assure you ALL that this information is of no threat to any shop owners. I'm not stoopid with info like that.

    I think we should leave it alone until Actinic get it all sorted. Please, no more code examples, in case some noob decides to do something silly.



      #32
      Originally posted by Bruce
      John,

      The issue does exist in v7 and has been sorted with v8.0.4 and above.

      Kind regards,
      We use Actinic Business v7
      Has this issue been resolved?
      We are in the process of becoming PCI DSS compliant for our website, and this is the vulnerability that we have come back as failed.

      I trust there is now a fix for this? Can you please point me in the right direction, as we need this issue sorted ASAP.

      Surely Actinic are not selling a product with a security flaw like this that is/cannot be rectified.

      V8 fix is no good for customers such as myself who have shelled out £800 on v7!!



        #33
        Hi Gavin

        I do not know if the fix was made available in any v7 patches, but we did get it fixed in v703 by amending the actinic.pm file as provided by Actinic.



          #34
          Originally posted by purple
          Hi Gavin

          I do not know if the fix was made available in any v7 patches, but we did get it fixed in v703 by amending the actinic.pm file as provided by Actinic.
          Please Please Please! Can you please send me the modified actinic.pm file where you have fixed it?? I would be soooooooooooooo grateful!!!



            #35
            Actinic are not selling software with a security problem as they have not sold v7 for at least two years now.



              #36
              Originally posted by RuralWeb
              Actinic are not selling software with a security problem as they have not sold v7 for at least two years now.
              Wrong, we purchased Actinic v7 Business from Actinic direct LAST YEAR, so they are still selling it.



                #37
                **puts pedantic hat on**

                You bought it LAST YEAR, they don't sell it this year, so they are not still selling it.

                Aquazuro - designer stainless steel accessories



                  #38
                  Originally posted by Mark H
                  **puts pedantic hat on**

                  You bought it LAST YEAR, they don't sell it this year, so they are not still selling it.
                  Yeah - Malcolm said in the last two years, I merely stated we purchased it end of last year direct from Actinic (it is only March!).

                  If they don't intend on supporting v7 then they should not be selling it still.
                  And before you say anything, yes, they do still sell it, so if they sell it, they should still be supporting it too.

                  Have e-mailed Actinic themselves, and they have not mentioned anything about not supporting v7 still.



                    #39
                    Sorry Gavin - you got me confused.

                    You've been developing a V7 site since about December 2006 and you only bought V7 from Actinic in December 2007? I know you tried the 30 evaluation in July(-ish) 2006. I haven't understood how you have been developing it over the last 15 months without the trial version expiring.
                    Elysium:Online - Official Accredited SellerDeck Partner
                    SellerDeck Design, Build, Hosting & Promotion
                    Based in rural Northants



                      #40
                      Originally posted by Goz
                      Sorry Gavin - you got me confused.

                      You've been developing a V7 site since about December 2006 and you only bought V7 from Actinic in December 2007? I know you tried the 30 evaluation in July(-ish) 2006. I haven't understood how you have been developing it over the last 15 months without the trial version expiring.
                      Simple - uninstalling the software and then re-installing it re-activates the 30 day trial. Someone on the forum told me about it.

                      Around July 2006 I was testing out different ecommerce software packages to see which would be the best suited for what we needed, and spent a good 2-3 months testing things out. But then other things took priority at work, which meant having to put things to one side, and then carried on again.



                        #41
                        Regardless of whether Actinic has ceased selling V7 or not, if there is a fix available for a potential serious security risk could you please share? I'm quite concerned after reading this thread.

                        Thank you.

                        Kind Regards
                        Karen

                        Charmed Cards & Crafts



                          #42
                          Karen, read this thread and then contact Actinic support if you want the patches. http://community.actinic.com/showthread.php?t=36495


                          Mike
                          -----------------------------------------

                          First Tackle - Fly Fishing and Game Angling

                          -----------------------------------------



                            #43
                            Thank you Mike.

                            Kind Regards
                            Karen

                            Charmed Cards & Crafts



                              #44
                              Originally posted by purple
                              Hi Gavin

                              I do not know if the fix was made available in any v7 patches, but we did get it fixed in v703 by amending the actinic.pm file as provided by Actinic.
                              Hi Mate,
                              Thanks for the e-mail



                                #45
                                Originally posted by KarenBM
                                Regardless of whether Actinic has ceased selling V7 or not, if there is a fix available for a potential serious security risk could you please share? I'm quite concerned after reading this thread.

                                Thank you.

                                Kind Regards
                                Karen
                                Karen,
                                If you need these patches ASAP then e-mail me through my profile.
                                I will send across the files needed. If you're in desperate need for them, it may take Actinic a day or two to send them across.

                                (This goes for anyone who requires them!)
