SuiteCommerce Advanced Troubleshoot for XSS Issues

Please note that the following has been taken (and slightly modified) from NetSuite’s communication on the risk of Cross-site Scripting (XSS) issues related to SuiteCommerce Advanced.

1. Which SCA version are you using?

If you are not sure which version your site is using, see "How to determine which version of SuiteCommerce Advanced your site is using" below. If you are not on one of the affected SCA releases (2018.2, Aconcagua, Kilimanjaro, or Vinson), you do not need to take any action. If you are using one of these vulnerable SCA releases and you have not already made changes to the relevant lines of code to fix this vulnerability, continue to step 2.

How to determine which version of SuiteCommerce Advanced your site is using

On many SuiteCommerce sites, you can go to the home page, view source in your browser, scroll to the bottom of the page, and see your SuiteCommerce version number and other release-related information. If this does not work on your site, follow these steps to determine your SuiteCommerce version:

If your touch points are set on your domain name record:

  1. Log in to NetSuite.
  2. Go to Setup > SuiteCommerce Advanced > Domains.
  3. Click View for your domain name. Your version of SuiteCommerce Advanced is shown in the Touch Points field.

If your touch points are set on your web site record:

  1. Log in to NetSuite.
  2. Go to Setup > SuiteCommerce Advanced > Set Up Web Site.
  3. Click Edit for your web site.
  4. Go to the Touch Points subtab. Your version of SuiteCommerce is shown in the Web Application column.

2. If the version you are using is at risk:

  • Reach out to NetSuite Customer Support
  • Reach out to your Big Bang experts

We will implement the fixes and make sure that sites running the 2018.2, Aconcagua, Kilimanjaro, and Vinson releases of SuiteCommerce Advanced will no longer be vulnerable to known Cross-site Scripting (XSS) issues.
