Description

The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status.

Remediation

References

CVE-2016-2212

Related Vulnerabilities

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2405)

WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.1.10)

WordPress Plugin Clockwork SMS Notfications Cross-Site Scripting (2.0.3)

WordPress Plugin Quick Cache (Speed Without Compromise) Unspecified Vulnerability (140725)

Oracle Application Server Other Vulnerability (CVE-2002-1635)

Severity

Medium

Classification

CVE-2016-2212 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities