Test Kennung:	1.3.6.1.4.1.25623.1.0.140649
Kategorie:	Web application abuses
Titel:	Magento XSS Vulnerability
Zusammenfassung:	Magento is prone to multiple vulnerabilities.
Beschreibung:	Summary: Magento is prone to multiple vulnerabilities. Vulnerability Insight: Magento is prone to multiple vulnerabilities: - Remote Code Execution in checkout - SQL injection in Zend Framework - Stored Cross-Site Scripting in email templates - Stored XSS in invitations - Order item with altered price - Guest order view protection code vulnerable to brute-force attack - Cross-Site Scripting in section loading - Unauthorized removal of customer address - Full Page Cache poisoning - Information disclosure in maintenance mode - Local file inclusion - Removal of currently logged-in administrator - CSRF delete items from mini cart - Session does not expire on logout - Admin users can create backups regardless of privileges Affected Software/OS: Magento prior to 2.0.10 and 2.1.x. Solution: Update to version 2.0.10, 2.1.2 or later. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5301
Copyright	This script is Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.