A rather serious exploit/bug emerged in the Magento ecommerce platform recently and it is causing some concern for Internet sellers who use the incredibly popular platform.
The XSS bug was found in every version of Magento Community Edition before 188.8.131.52, and in the Enterprise Edition before 184.108.40.206. The exploited portion was found in the administrator's backend, which made for a potentially serious problem. Unless a store sits behind a Web application firewall (WAF), or otherwise operates a heavily customized environment that might have sidestepped the problem, the bug might essentially open up administrator privileges to any hacker.
If Magento users install the newly developed patch, that should be the end of the problem, at least for this particular iteration. Magento exploits seem to be on the rise, so it would be wise for online retailers using the platform, as well as developers and IT staff working in and around that environment, to keep close tabs on emerging threats.