Magento Cross Site Request Forgery / Cross Site Scripting

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website's customers and their payment information at risk. This is the second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to, Magento Commerce prior to, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.

MD5 | 6fac5f12b988c5d618dd41e90f4d5591
