Zen Cart on Friday released an updated version of the popular online open source shopping cart application to address multiple Cross-Site Scripting (XSS) vulnerabilities.
The security issues were discovered by Trustwave and are said to affect Zen Cart 1.5.4 and potentially prior versions. Zen Cart released version 1.5.5 to resolve the security flaws and also introduced a new sanitization class with a number of sanitization groups, each meant to perform a defined sanitizations on specific GET/POST parameters.
