Magento Cross Site Requst Forgery / Cross Site Scripting
Posted by deepcore on October 8, 2017 – 1:13 pm
During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
Post a reply
You must be logged in to post a comment.