Sucuri has announced a Critical Security Vulnerability affecting almost all versions of Magento CE and Magento EE.
Quote:
Security Risk: Dangerous
Exploitation Level: Easy/Remote
DREAD Score: 7/10
Vulnerability: Stored XSS
Patched Version: Magento CE: 1.9.2.3, Magento EE: 1.14.2.3
This vulnerability affects almost every install of Magento CE <1.9.2.3 and Magento EE <1.14.2.3. The buggy snippet is located inside Magento core libraries, more specifically within the administrator’s backend...
https://blog.sucuri.net/2016/01/secu...n-magento.html
More information and patches can also be found from the Magento Website:
https://magento.com/security/patches/supee-7405
If you are using Magento, you will want to immediately check for the appropriate patch or upgrade for your version.
As always, FutureQuest encourages anyone running any scripts, such as
Magento, to ensure they maintain the most up-to-date version and install
any patches released to reduce the chances of a compromise of your site.
This also includes any plugins, addons and themes...
It is always best to subscribe to any Security or Update mailing list provided
by the Authors of the script(s) you are running.
The FutureQuest Team
