Cross-Site Scripting on Checkout

  • Question
  • Updated 6 years ago
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members.

FYI -
I noticed info about the recent 'upgrade/maintenance' on Sept 23, that a potential 'Cross Site Scripting' issue on Checkout had been corrected but maybe it hasn't.

As mentioned in a previous post, I have seen 'odd customer behavior' (on Checkout, not View Cart) since we installed the Trust Seal on the Custom Checkout Footer (which is something I had not used until the install in early September), and then after is when I started to see the unusual behavior (during Checkout customers began exploring our About Page, which is something they never did during actual Checkout). It really raised a Red Flag, and at first I thought it was because the Trust Seal was not matching the SSL name, but this behavior is continuing and I know it has cost us a number of completed sales (quite frankly, I cannot blame consumers - it would stop me from purchasing also).

Below is a snip of another 'Homestead Store' Checkout page taken this morning (10/3/13):

S


Posted 6 years ago


Mike F., Alum

If you can generate this again from your store can you take a screenshot showing the full page with url and everything?

I'll have to gather more details and report this. What all pages does this occur on?
S

Hello Mike -

This snip was taken on another storefront (shame on me) that was recently posted. lol...I can't duplicate it on my site simply because I could not figure out how to 'revoke' all the permissions for my own site (through the NoScript add-on in Firefox). I don't really want to post the full URL (for privacy reasons) and will forward it under separate cover.

Thanks, Mike!
Mike F., Alum

I have double-checked with our Advanced Tech Support team and they are not yet sure what this is caused by, but likely settings in the browser. If we can figure it out we'll certainly let you know. With the change to Bigcommerce, I know they won't invest much time or resources in troubleshooting a system that will not be offered soon. But, if we figure it out we'll let you know.

Mike

S

Yes, it is a browser 'security' setting which in today's environment I would guess many people use in one form or another. Certainly incentive to make the switch quickly! :)
Drew N, Alum

I see you are in process, so it should not be long. I think you will be very pleased.

Drew
S

Hey Drew -
I saw they hit our site last night (Friday) which showed a Migration page 'in progress' but sadly it appears 'stuck' there...may be normal and not something I am supposed to see.

I think you are correct in the long run but it does look complicated (like anything new I guess). I have been monitoring your posts (great job) and highlighting the ones I think I will need first but suddenly the list became VERY long...lol
Drew N, Alum

Glad you see them. They should be very helpful. It generally takes 2-3 business days for them to get the store back to us, then we will do some work as well.

I have been posting a bunch of stuff.

Drew
S

Indeed you all are working hard! We certainly appreciate it! Thanks for sharing the approximate time frame for turnaround (and feel free to return the Store in 'launch ready' mode! :)

Have a great evening,
Sally
Drew N, Alum

We will do all we can, but alas, there will be some for you as well. But I am sure you will not be disappointed.

Drew
S

:) 'Launch Ready' was kind of a joke....had no idea you all were indeed helping with the initial set up! Spectacular and thank you for your kind service.
Mike F., Alum

You're welcome Sally.
