Cross-Site Scripting (XSS) And Arbitrary Code Execution

dweeves/magmi-git is vulnerable to cross-site scripting XSS and arbitrary code execution attacks. The attacks are possible because user-supplied data prefix are being input to the magmi-git-master/magmi/web/ajaxgettime.php URL without enough filtering...

CVE-2017-7391

A Cross-Site Scripting XSS was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of...