ManFromDet

Also, I'm using version 1.6.08

I wouldn't necessarily mark this thread as "solved", but for those that have the same problem, this is what I did (approximately): - I made sure to go to Advance Settings -> Performance -> and turn off force compile and cache. There are multiple settings on the performance page, turn them ALL off. - Completely install, then RESET the problem module. Then, uninstall and DELETE the module. (Follow these steps in this order.) - Then install the module of your choice. My problem went away after a couple of hours of playing with the back end in this manner. I hope this helps someone else, as there are a quite a few threads with my exact same question - but no real answer.

I receive this error: "This module is already installed: module name" Trying to correct an Authorize.net problem. This module stopped working. I reinstalled the module using both FTP (uncompressed) and .zip files, nothing. The status in the back office remains stuck as "install". Any suggestions? Thx.

Can anyone else chime-in on the possible causes and fixes for the CGI cross script errors? It just seems really odd that this issue doesn't come up often, or at all recently, in the forums (after searching). There must be something incorrect about my specific installation, but this is just a guess.

To: VanessaBoutique Just wanted to suggest the following: 1) upgrade your current PayPal module to the most current version. 2) Uninstall your PayPal module. (Not just deactivate, but actually uninstall.) 3) Reinstall (and reactivate) the module. 4) Add your business PayPal account details and save. Be sure to capture all the details in full - the signature field has lots of characters that go beyond the field's container. I would even suggest copying a pasting the values in a text file, and then copy and pat the values into your back office. These are the steps I followed. My PayPal account is working perfectly. Customers place their orders and I receive the order details in my back office, as well as the money in my account. I hope this helps.

I cannot determine if the security checker succeeded in inserting code; my skill level with Prestashop isn't quite that sophistcated. I don't have a designer, I have a theme that I purchased from Theme Forrest. I modified it for my shop (using the included menus, no backend hacks). The support forum for my chosen theme is pretty active - but this issue hasn't come up for other users. If there are no other general suggestions for correcting this issue, then hiring a professional to take a look may be my only choce?

Thanks... but I have NO IDEA how to apply this proposed fix.

Maybe (and i know this is a very simplistic answer) I should just switch hosts to a more Prestashop-familiar company like InMotion... could there be some unidentified settings within my current setup that would be fixed by simply switching hosts?

I've searched the forums for issues pertaining to "CGI Generic Cross-Site Scripting" errors found during PCI compliance scans, and most were several years old and reffered to very old versions of Prestashop. I'm using version 1.6.08. Repeated PCI scans have lead me to this last issue: Description: CGI Generic Cross-Site Scripting (comprehensive test) Synopsis: The remote web server is prone to cross-site scripting attacks. Impact: The remote web server hosts CGI scripts that fail to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. These XSS are likely to be 'non-persistent' or 'reflected'. See also : http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent http://www.nessus.org/u?9717ad85 http://projects.webappsec.org/Cross- Site+Scripting Data Received: Using the GET HTTP method, SecurityMetrics found that : + The following resources may be vulnerable to cross-site scripting (comprehensive test) : + The 'title' parameter of the /heroes/32-muhammad-ali- swag.html CGI : /heroes/32-muhammad-ali- swag.html?title=<%00script>alert(219);</script%0 0> -------- output -------- [...] li-swag.html?title=<%00script>alert (219);</script%00>"/><meta property=" [...] <script type="text/javascript">/* <![CDATA[ */;var CUSTOMIZE_TEXTF [...] ------ ------------------ + The 'id_product' parameter of the /heroes/32-muhammad-ali-swag.html CGI : /heroes/32-muhammad-ali- swag.html?id_product=<%00script>alert(219);</scr ipt%00> ------- - output -------- [...] ag.html?id_product=<%00script>alert (219);</script%00>"/><meta property=" [...] <script type="text/javascript">/* <![CDATA[ */;var CUSTOMIZE_TEXTF [...] ------ ------------------ + The 'criterion[1]' parameter of the /heroes/32-muhammad-ali- swag.html CGI : /heroes/32-muhammad-ali- swag.html?criterion[1]=<%00script>alert(219);</s cript%00> ------ -- output -------- [...] .html?criterion[1]=<%00script>alert (219);</script%00>"/><meta property=" [...] <script type="text/javascript">/* <![CDATA[ */;var CUSTOMIZE_TEXTF [...] ------ ------------------ + The 'content' parameter of the /heroes/32-muhammad-ali-swag.html CGI : /heroes/32 -muhammad-ali-swag.html?content=<%00script>alert(219);</script %00> -------- output -------- [...] -swag.html?content=<%00script >alert(219);</script%00>"/><meta property=" [...] <script type="text/javascript">/* <![CDATA[ */;var CUSTOMIZE_TEXTF [...] ------ ------------------ + The 'title' parameter of the /heroes/32-muhammad-ali-swag.html CGI : /heroes/32 -muhammad-ali-swag.html?title=<%00script>alert(219);</script%0 0>&id_product=32&criterion[1]=1&content= -------- output -------- [...] li-swag.html?title=<%00script>alert(219);</scrip t%00>&id_product=32&crit [...] <script type=" These entries are several pages long in the report (Security Metrics). And there are 4 or 5 of these repeated error messages listed as well. I'm running my installation of Prestashop on a Virtual Private Server (VPS), hosted by TotalServerSolutions.com. Prestashop is the only application running in my share. Because I see so few of these posts, and they are old, I'm hoping there's a single comprehensive reason why I'm receiving these errors. Any help or guidance in resolving this issue would be greatly appreciated. Thanks.

As identified by another user, Paypal was working fine - then stopped. I tested and it seems to be working again. Hopefully it will keep working. If not, i will check back for further updates.

Adding myself to this thread so that I can read everyone's feedback... I have the same problem as decribed by everyone else. I installed v1.3.8 and reconfigured. Hopefully this will fix the problem. Thx.

Thank you!!! I've spent the past month trying to overcome the PS learning curve as I setup my shop. This forum is absolutely helpful. Thank you once again!

Forgive me is this is posted elsewhere, but I couldn't find anything after searching. If it is already posted, a link to the information would be appreciated. Is there a common procedure to update the default text within a given module? Example: - "Featured Products" could be changed to "Featured Shoes" instead, if you're a shoe salesman. - "New Products" could be changed to "New Curtains" if you sell curtains online. I suspect that it would involve editing a given (php?) file on the sever. If there is a better way, please share. Thanks.

THANK YOU!!!! Works perfectly now.

Version 1.6.0.8 When I attempt to upload an image to a new static / CMS page (like "About Us" for example), I get a broken image icon. After I uploaded a new image to Prestashop... I went to: Preferences -> CMS -> EDIT desired page -> Tools -> Source Code I added this: <img src="../img/cms/5x5_image.jpg" width="5" height="5" /> After saving, this is what appears: <p><img src="%5C" alt="""""" /></p> What causes this change and how can I keep this from happening?