Last week, Magento released a very important bundle of patches for their eponymous e-commerce platform that should be applied as soon as possible. The bundle plugs a number of critical vulnerabilities, including two stored cross-site scripting (XSS) flaws that attackers can easily exploit to take over the site’s shop. Sucuri Security has provided more details about one of these, which was discovered by their vulnerability researcher Marc-Alexandre Montpas. The bug can be exploited remotely by simply adding JavaScript code to the email address entered into the customer registration form on the site.
ORIGINAL SOURCE: Help Net Security