A rather serious exploit/bug emerged in the Magento eCommerce platform recently and it is causing some concern for Internet sellers who use the incredibly popular platform.
The XSS bug was found in every version of Magento Community Edition before 220.127.116.11, and in the Enterprise Edition before 18.104.22.168. The exploited portion was found in the administrator’s backend, which made for a potentially serious problem. Unless behind a Web application firewall (WAF), or otherwise operating a really customized environment that might have surpassed the problem it might essentially open up administrator privileges to any hacker.
If Magento users install the newly developed patch, that should be the end of the problem, at least for this particular iteration. Magento exploits seem to be on the rise so it would be wise for online retailers using the platform, as well as developers and IT working in and around that environment to keep close tabs on emerging threats.