Dangerous Stored XSS Vulnerability in Magento

Sucuri Disclosure of Magento Vulnerability

During an audit of their WAF, Sucuri discovered a dangerous, but also easy to exploit, stored XSS vulnerability affecting all versions of Magento. The issue could allow attackers to take over your site, create new administrator accounts and steal client information: in fact, anything a legitimate administrator account is allowed to do!

Sucuri responsibly disclosed this to the Magento team but, worryingly, it took them nearly two and a half months to release a patch for it! That patch (Magento CE: 1.9.2.3, Magento EE: ) was released on Friday 22nd January and every single Magento user is strongly encouraged to upgrade as soon as possible.

For full technical details of the vulnerability, see the original Sucuri disclosure, and kudos to them yet again for their great work.

This is the main Havenswift Hosting company account, used by different members of staff when making blog postings on behalf of the company rather than as individuals.

There Are 2 Comments

charles on 25 Jan, 2016

Who or what is Magento?

Havenswift Hosting on 27 Jan, 2016

Magento is one of a large number of E-Commerce software products – see https://www.havenswift-hosting.co.uk/ecommerce-solutions/magento/ for basic details and https://www.havenswift-hosting.co.uk/website-hosting/magento-hosting/ for details of our semi-dedicated hosting packages for Magento. We primarily concentrate on providing high quality E-Commerce hosting solutions for customers but specialise in CubeCart, Magento and OpenCart, and so look to inform our readers of issues with these products.

Copyright Havenswift Hosting 2007-2020. All rights reserved.