Summary
Magento is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
Impact
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Solution
Ask the vendor for an update.
Affected
Magento 1.9.0.1
Previous versions may also be affected.
Detection
Check the md5sum of the affected .swf files
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability