cancel
Showing results for 
Search instead for 
Did you mean: 

Patch SUPEE-7405 error

Patch SUPEE-7405 error

Hello,

I've tested the Pacth SUPEE-7405 and even tested in Magento 1.9.2.4 to insert Script in the email registration form, and I'm still can do it.

 

I've deleted the javascript restriction and validations in the form and inserted “><script>alert(1);</script>”@sucuri.net, and I could executed.

 

Regards

2 REPLIES

Re: Patch SUPEE-7405 error

Hi @ecaMO4W

 

Can you share some more details?

1) How did you install the patch?

2) Did you download it from Magento official site or from some other site?

3) After applying the patch have you verified that the code has been properly affected in the files mentioned in the patch?(I mean whether patch was applied successfully or not?)

 

 

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Patch SUPEE-7405 error

Hi,

I've applied the Patch but even so just to be sure, I've even installed a
new clean Magento version 1.9.2.4 just to test it.

In that installation I could insert easily also the script in the email
section, so is not about how I've installed the Patch, even in a clean
Magento is happenning.

I went deeper in the code and looks like the new function added to
implement the Zend validation "MaliciusCode", the attributes sent by the
registration Post are not being passed to that function.

Hope that helps.