ID de Prueba:	1.3.6.1.4.1.25623.1.0.806672
Categoría:	Web application abuses
Título:	Magento Stored XSS Vulnerability (SUPEE-7405)
Resumen:	Magento is prone to a stored cross-site scripting (XSS); vulnerability.
Descripción:	Summary: Magento is prone to a stored cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw exists due to error in the app/design/adminhtml/default/default/template/sales/order/view/info.phtml script where email address given by user is not validated before using it in backend. Vulnerability Impact: Successfully exploiting this issue allow remote attackers to take over affected site, create new administrator accounts, steal client information and do anything a legitimate administrator account can do. Affected Software/OS: Magento prior to version 1.9.2.3 (CE) and 1.14.2.3 (EE). Solution: Update to version 1.9.2.3 (CE), 1.14.2.3 (EE) or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.