Justin C. Klein Keane has discovered some vulnerabilities in Magento, which can be exploited by malicious users to conduct script insertion attacks.
Input passed to the "Name" and "Product SKU" fields when adding a product, to the "Group Name" field when adding customer groups, to the "Name" field when adding root categories or attribute sets, to the "Class Name" field when adding customer or product tax classes, to the "Tax Identifier" field when adding tax rates, and to the "Poll Question" and "Answer Title" fields when adding polls, is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.
The vulnerabilities are confirmed in version 184.108.40.206. Other versions may also be affected.
Solution: Restrict management access to trusted users only. Filter malicious characters and character sequences in a web proxy.
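The workarounds above limit who can reach the admin fields and try to filter inputs at a proxy; the code-level fix for this class of issue is contextual output encoding of stored values when they are rendered. The following is an added example, not Magento's own code: the function names, the row markup and the sample values are constructed for illustration, and only the built-in `htmlspecialchars` is a real PHP API.

```php
<?php
// Added example (not Magento's own code): encoding admin-entered fields such
// as "Name" or "Product SKU" before they are rendered in another user's browser.

declare(strict_types=1);

/**
 * Vulnerable pattern (constructed): the stored value is concatenated into the
 * page unchanged, so any HTML or script entered in the admin field executes
 * for whoever later views the listing.
 */
function renderProductRowUnsafe(string $name, string $sku): string
{
    return "<tr><td>$name</td><td><input value=\"$sku\"></td></tr>";
}

/**
 * Hardened pattern: encode for the HTML context the value lands in.
 * ENT_QUOTES escapes both ' and ", so the value is also inert inside a quoted
 * attribute; ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the
 * output, which would otherwise be a confusing failure mode.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderProductRowSafe(string $name, string $sku): string
{
    return '<tr><td>' . escapeHtml($name) . '</td>'
         . '<td><input value="' . escapeHtml($sku) . '"></td></tr>';
}

// Constructed sample input of the kind the advisory describes: one value
// carries a script tag, the other tries to break out of a quoted attribute.
$name = "<script>alert('stored')</script>Widget";
$sku  = 'ABC" onfocus="alert(1)';

// Unsafe rendering: both the tag and the injected attribute reach the browser.
echo renderProductRowUnsafe($name, $sku), PHP_EOL;

// Safe rendering: the output contains &lt;script&gt;... and
// ABC&quot; onfocus=&quot;..., which display as literal text.
echo renderProductRowSafe($name, $sku), PHP_EOL;
```

Encoding belongs at the point of output, in the context the value is emitted into (element body, attribute, URL, JavaScript), rather than at input time: the same stored "Product SKU" may legitimately need to round-trip unchanged to an edit form or an API, and a single input filter cannot know every context the value will later appear in.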
Provided and/or discovered by: Justin C. Klein Keane
Original Advisory: http://www.madirish.net/?article=445