Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Packet Storm
Packet Stormadded 2016/02/25 12:0 a.m.193 views

Magento 1.9.2.2 RSS Feed Information Disclosure

------------------------------------------------------------------ Magento load$data'orderid'; 94. if $order-getId 95. && $order-getIncrementId == $data'incrementid' 96. && $order-getCustomerId == $data'customerid' 97. 98. return $order; 99. 100. 101. return null; 102. User input passed through t...

5CVSS5.4AI score0.02687EPSS
Exploits2
The Hacker News
The Hacker Newsadded 2016/01/26 8:25 p.m.11 views

Critical Flaws in Magento leave Millions of E-Commerce Sites at Risk

If you are using Magento to run your e-commerce website, it's time for you to update the CMS content management system now. Millions of online merchants are at risk of hijacking attacks due to a number of critical cross-site scripting XSS vulnerabilities in the Magento, the most popular e-commerc...

5.3AI score
Exploits0
ThreatPost
ThreatPostadded 2016/01/25 4:31 p.m.17 views

Magento Update Addresses XSS, CSRF Vulnerabilities

Magento patched 20 vulnerabilities last week, including a stored cross-site scripting XSS flaw in the e-commerce platform that could have let an attacker take over a site and create new admin accounts. Researchers at Sucuri dug up the XSS vulnerability while combing through research audits last...

5.9AI score
Exploits0References3
Rows per page
Query Builder