Bug in Magento puts millions of e-commerce sites at risk of takeover
Millions of online merchants are at risk of hijacking attacks made possible by a just-patched vulnerability in the Magento e-commerce platform.
“The buggy snippet is located inside Magento core libraries, more specifically within the administrator’s backend,” a Sucuri advisory explained. “Unless you’re behind a WAF or you have a very heavily modified administration panel, you’re at risk. As this is a Stored XSS vulnerability, this issue could be used by attackers to take over your site, create new administrator accounts, steal client information, anything a legitimate administrator account is allowed to do.”
Read article here –