Critical vulnerabilities patched in Magento e-commerce platform

Discussion in 'CSO' started by RSS, Jan 26, 2016.

  1. RSS

    If you're running an online shop based on the Magento e-commerce platform, it's a good idea to update it as soon as possible. The latest patches fix critical vulnerabilities that could allow attackers to hijack administrative accounts.

    One issue was discovered by researchers from Web security firm Sucuri and stems from improper validation of email addresses in the customer registration form.

    The flaw allows a malicious user to include JavaScript code in the email field, leading to a so-called stored cross-site scripting (XSS) attack. The JavaScript code is saved along with the form and is triggered when the user account is listed in the website's back-end panel.

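Added example, not part of the article and not Magento's code: a sketch of the two defensive layers the described flaw calls for, an allowlist check on the registration email and HTML encoding where the back-end panel lists the account. All function names, both regular expressions and the sample address are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample: a quoted local part (legal in RFC 5322) carrying markup.
SAMPLE_EMAIL = '"><script>alert(1)</script>"@example.com'

# Hypothetical loose check: "something@domain.tld" is enough to pass.
PERMISSIVE_RE = re.compile(r"^.+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# Allowlist: dot-atom local part only (no quotes, angle brackets, spaces).
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
STRICT_RE = re.compile(
    rf"^{_ATOM}(?:\.{_ATOM})*"
    r"@(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)


def is_valid_email(value: str, strict: bool = True) -> bool:
    """Input-side check, run before the registration form is stored."""
    if len(value) > 254:
        return False
    pattern = STRICT_RE if strict else PERMISSIVE_RE
    return pattern.fullmatch(value) is not None


def render_admin_row_unsafe(email: str) -> str:
    """Before: stored value is concatenated into back-end HTML as-is."""
    return f"<tr><td>{email}</td></tr>"


def render_admin_row(email: str) -> str:
    """After: encode at output, whatever the validator let through."""
    return f"<tr><td>{html.escape(email, quote=True)}</td></tr>"


if __name__ == "__main__":
    for addr in ("shopper@example.com", "o'brien@example.com", SAMPLE_EMAIL):
        print(addr, is_valid_email(addr, strict=False), is_valid_email(addr))
        print("  ", render_admin_row(addr))
```

Even the strict pattern accepts characters such as `'` and `&`, which is why the encoding step in `render_admin_row` is needed regardless of how tight the input check is.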
