Telerik recently announced a vulnerability in their controls, which AspDotNetStorefront uses for the WYSIWYG editor on several pages in the admin console. Store admins are strongly recommended to download and install the patch available at https://license.aspdotnetstorefront.com for versions PRIOR to 10.0.25.
NOTE: These instructions assume you are a subscriber to our Year Round Benefits program. If you do not see the patch in your license portal 'Software Updates' tab (versions 9.5.1 - 10.0.24), then please check your eligibility with our ASPDNSF Help Desk. If you have onboarded to our preFIX model, then you don’t need to take any action – your store is always-up-to-date.
Installing the Telerik Patch
Uncustomized Sites (if you're unsure if the files below have been modified, contact your developer or whoever does the technical work on your site):
Backup your site files. Please contact your site host if necessary.
Run the installation file locally by double-clicking the downloaded .exe file and following the prompts, selecting an empty folder location on your computer.
Copy these files from the extracted files (from the folder for your site version) on your computer to your site, overwriting the existing files. Note that the "Web" folder in your site files may be "wwwroot" or similar.
Restart your site in IIS (or ask your hosting provider to do so). That's it!
Customized Sites (this should only be done by a knowledgeable developer):
Follow the 'Uncustomized Sites' directions above, but also copy the new DLLs into the AssemblyReferences folder wherever you maintain the site's source code. This will ensure that the updated, patched versions of the DLLs are pulled in when the site is rebuilt in the future.
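To confirm that the patched DLLs actually landed, the following PowerShell check compares every DLL in the extracted patch folder against same-named files in the deployed site and, for customized sites, in the AssemblyReferences folder. This is an added example, not part of the vendor's patch or instructions; the script name Verify-TelerikPatch.ps1 and all paths passed to it are assumptions to replace with your own.

```powershell
# Verify-TelerikPatch.ps1 (hypothetical name; added example, not vendor code)
# Example call (placeholder paths):
#   .\Verify-TelerikPatch.ps1 -PatchDir C:\Temp\Patch\<your-version> `
#       -TargetDirs C:\inetpub\MySite, C:\Source\MySite\AssemblyReferences
param(
    [Parameter(Mandatory)] [string]   $PatchDir,    # folder for your site version in the extracted patch
    [Parameter(Mandatory)] [string[]] $TargetDirs,  # deployed site root and/or AssemblyReferences folder
    [string] $Filter = '*.dll'                      # file types to verify
)

$problems = 0
foreach ($patchFile in Get-ChildItem -LiteralPath $PatchDir -Recurse -File -Filter $Filter) {
    # The hash of the file shipped in the patch is the reference value.
    $expected = (Get-FileHash -LiteralPath $patchFile.FullName -Algorithm SHA256).Hash

    foreach ($target in $TargetDirs) {
        # Match by file name so a "Web" vs. "wwwroot" folder difference does not matter.
        $copies = @(Get-ChildItem -LiteralPath $target -Recurse -File -Filter $patchFile.Name)

        if ($copies.Count -eq 0) {
            Write-Warning "MISSING  $($patchFile.Name) not found under $target"
            $problems++
            continue
        }

        foreach ($copy in $copies) {
            $actual = (Get-FileHash -LiteralPath $copy.FullName -Algorithm SHA256).Hash
            if ($actual -eq $expected) {
                Write-Output "OK       $($copy.FullName)"
            }
            else {
                # An unpatched copy left here is what a later rebuild or restore would pick up.
                Write-Warning "STALE    $($copy.FullName) (file version $($copy.VersionInfo.FileVersion))"
                $problems++
            }
        }
    }
}

if ($problems -gt 0) {
    Write-Error "$problems file(s) are missing or do not match the patch."
    exit 1
}
Write-Output 'All matching files are identical to the patch.'
```

Copies inside backup folders under a target directory will also be reported as STALE; that is expected and can be ignored for backups taken before patching.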
*1 NOTE: If clicking the download link in the 'Software Updates' tab does not download the patch, right-click on the download link, select 'Copy link address', open a new browser tab, paste the link into the address bar, and press Enter (refresh the page with the copied address).