Instart Logic Security Suite Detects and Blocks Magento XSS Vulnerability

Secured - Magento XSS Vulnerability

Magento, a popular e-Commerce platform and an Instart Logic partner, patched multiple vulnerabilities last week, including a persistent cross-site scripting (XSS) vulnerability.

The good news is that Instart Logic customers who use our security suite were already protected against this vulnerability even before it was patched.

How does a persistent XSS attack work?

By leveraging persistent (stored) XSS, a hacker can input a dangerous payload and have it saved by the server. In this case, Magento did not validate the email user inputs in the registration form, so the attacker could input a malicious JavaScript and have it executed in the backend every time the order is viewed. This vulnerability gives the attacker the ability to hijack an administrative session and perform all the administrative actions using that account.

How can you protect your Magento website?

If you are an Instart Logic customer and you are using our security suite, you are already protected. Otherwise, make sure you upgrade immediately to Magento CE and Magento EE before hackers exploit this vulnerability in your site.

Learn more about Instart Logic: