Magento Multiple XSS Critical Vulnerabilities : Patch Available
Magento , one of the most popular Ebay owned E-commerce platforms has been discovered to have multiple XSS vulnerabilities . These are Critical Vulnerabilities and can cause the complete Magento Store to be compromised .
Goodnews for Magento store owners is the Patch has been released .
20 vulnerabilities have been fixed in the SUPEE-7405 patch bundle for the 1.* branch, of which two are marked Critical and four High. Affected versions include all versions of Magento Community Edition prior to 126.96.36.199 and all versions of Magento Enterprise Edition prior to 188.8.131.52.
Critical XSS (Cross-Site Scripting) vulnerabilities have been found in both version 1 and 2 of the popular Magento ecommerce platform.
If you run a Magento website, we recommend that you should update it now.
There are 11 vulnerabilities fixed in Magento 2.0.1 Security Update for the 2.* branch, of which one is Critical and three High.
Affected versions in the 2.* branch include all versions of Magento Community Edition and Magento Enterprise Edition prior to 2.0.1.
The most serious though are the Critical XSS vulnerabilities.
Each of these Magento Multiple XSS Critical Vulnerabilities could be used to take over vulnerable eCommerce sites, putting the stores’ users and their credit card data at risk, as well representing a serious threat to the business behind the store.
All an attacker’s software needs to do is register for a vulnerable store using a spiked email address (or a spiked username if it’s running version 2).
Here is what all an attacke is able to do once the magento store has been compromised .
- Effectively take over a Magento-based online store
- Escalate user privileges
- Steal customer data (Credit card info ; Personal data ;)
- Steal credit card information
- Control the website via administrator accounts
- and many more malicious activities
It is advised to our valued readers to patch the Magento store with the SUPEE-7405 patch bundle to the earliest . Please patch Magento Multiple XSS Critical Vulnerabilities at the earliest.