Posted on 01/26/2016 7:25:54 PM PST by Utilizer
A new vulnerability in the eBay-owned Magento e-commerce platform could be remotely exploited to take over sites and steal client information, researchers have discovered.
Security vendor Sucuri discovered a stored cross-site scripting (XSS) vulnerability in the core system libraries for Magento Community Edition version 1.9.2.3 and earlier, and the Enterprise Edition version 1.14.2.3 and older.
The critical flaw could be triggered by sending an email to administrators.
Sucuri reported the bug to Magento's security team early in November last year. Magento acknowledged the vulnerability on 1 December 2015, but did not issue a patch until 21 January 2016.
The Magento SUPEE-7405 patch bundle fixes the stored XSS flaw, which can also be abused to create admin users and execute commands with full superuser rights.
(Excerpt) Read more at itnews.com.au ...
I understand you use ebay. You might be interested in this...
Thanks for the hedzup my FRiend :-)
Anytime, mate. Pass the word, right?
Hackers can steal information not only from a Magento store.
It’s good to know that the security issue was solved. I recently added one feature, found on https://www.aitoc.com/en/magento.html, to my website. It made my store more reliable and attractive to customers. + I can always rely on Magento team support and am not ready to switch to Shopify or any other platform.