A rather serious exploit/bug emerged in the Magento ecommerce platform recently and it is causing some concern for Internet sellers who use the incredibly popular platform.
The problem is that, while the bug was patched somewhat quickly, there might be additional problems that could put online merchants further at risk. Sucuri, a security research firm, found the bug and noted that said bug could be used to bring in JavaScript code in customer registration forms that could later be used against said customers.
The XSS bug was found in every version of Magento Community Edition before 1.9.2.3, and in the Enterprise Edition before 1.14.2.3. The exploited portion was found in the administrator's backend, which made for a potentially serious problem. Unless behind a Web application firewall (WAF), or otherwise operating a really customized environment that might have surpassed the problem it might essentially open up administrator privileges to any hacker.
If Magento users install the newly developed patch, that should be the end of the problem, at least for this particular iteration. Magento exploits seem to be on the rise so it would be wise for online retailers using the platform, as well as developers and IT working in and around that environment to keep close tabs on emerging threats.
