by | 1 Feb 2016

eCommerce: Critical XSS flaws in Magento

Hundreds of thousands of websites, many of them selling goods or services, are at risk of hijacking attacks made possible by a just-patched vulnerability in the Magento e-commerce platform. Critical XSS (Cross-Site Scripting) vulnerabilities have been found in both version 1 and version 2 of the popular Magento eCommerce platform. Because Magento is so widely deployed, every Magento user should be on their guard. This article gives more information on the new vulnerability and on how to prevent future XSS vulnerabilities from reaching your online shop.

What is a Cross-Site Scripting (XSS) vulnerability?


XSS bugs are among the most widely exploited website vulnerabilities. They are the result of web applications that take user-supplied input (a name, an email address, a product review) and write it back into a page without encoding or filtering it, so that HTML or JavaScript planted by an attacker is executed by the browser of whoever views that page. In a stored XSS, the payload is saved by the application and fires later, for example when a store administrator opens the back office. Anyone who relies on Magento should install the update as soon as possible.

What happened this time?

Critical stored XSS (Cross-Site Scripting) vulnerabilities have been found in both version 1 and version 2 of the popular Magento eCommerce platform. If you run a Magento website, update it immediately, because the stored XSS flaws allow attackers to:

  • Effectively take over a Magento-based online store
  • Escalate user privileges
  • Siphon customers’ data
  • Steal credit card information
  • Control the website via administrator accounts

Magento also released a patch bundle last week, SUPEE-7405, that can be applied to older versions without a full upgrade.

Why you should be worried about this XSS vulnerability?


According to the company that develops the e-commerce platform, Magento is used by over 200,000 companies, including many popular brand owners. A 2015 survey of the top 1 million websites by traffic found that Magento powers around 30 percent of the online shops among them, making it the most popular e-commerce platform.

Magento is extremely popular, and this means every Magento user should be on their guard. Criminals aren't interested in hacking just one or two stores, and they don't care whether your site is a whale or a minnow. They use software to target and take over as many sites as they can in the most cost-effective way, so they can harvest customer data, steal credit cards and turn the sites into distribution channels for malware and spam.

How to protect your eCommerce site against future XSS attacks?


Most often, patching is not immediately possible. In the meantime, we advise you to put an effective cybersecurity solution in place to protect your eCommerce site.

OZON is a cybersecurity solution dedicated to eCommerce platforms. It takes only minutes to be sheltered from the sophisticated cyber-attacks and fraud threatening your activity. Our solution is designed for all major eCommerce platforms, including PrestaShop, Magento and WooCommerce. With our security experts on your side, you can focus on your business. So, to ensure the security of your PrestaShop or Magento site, test our solution now. Blocking attacks and fraud, and finding vulnerabilities and malware, is our business. Try Now for Free!
