Magento Multiple Vulnerabilities Fixed by CE 1.9.2.3, EE 1.14.2.3 and 2.0.1


Description   Several vulnerabilities were reported in Magento:
- APPSEC-1110: Excel formula injection via CSV/XML export, allowing a remote attacker to edit/export personal data and potentially execute arbitrary code
- APPSEC-1171: information disclosure via RSS feed, allowing a download of order comments and other order-related information
- APPSEC-1177: denial of service due to improper parsing of accented characters in email addresses
- APPSEC-1179: cross-site request forgery
- APPSEC-1204: arbitrary code execution due to improper sanitization of serialized objects
- APPSEC-1206: cross-site request forgery located in the backend login page
- APPSEC-1208: information disclosure allowing a remote attacker to identify the Admin Panel page
- APPSEC-1212: cross-site request forgery when deleting items from the shopping cart
- APPSEC-1213: persistent cross-site scripting in the user email address when registering
- APPSEC-1214: cross-site scripting located in the translation feature
- APPSEC-1239: stored cross-site scripting located in order comments that relies upon the Payflow Pro payment module
- APPSEC-1240: arbitrary code injection in the database. This vulnerability stems from improper input sanitization by the Payflow Pro module
- APPSEC-1247: information disclosure. A remote attacker with administrative privileges could exploit it to access sensitive information (configuration details, encryption keys and database connection) stored in cache
- APPSEC-1255: cross-site scripting located in the cookie's header
- APPSEC-1260: stored cross-site scripting located in the "HTTP_X_FORWARDED_FOR" header of the order view form, located in the Admin Panel page
- APPSEC-1263: stored cross-site scripting located in the user name field in the backend
- APPSEC-1267: stored cross-site scripting located in the file upload form of product custom options
- APPSEC-1268: security bypass allowing a remote attacker to edit or delete reviews without permission. This vulnerability stems from improper verification of request parameters
- APPSEC-1270: information disclosure. A remote attacker could exploit it via a brute-force attack to access guest order information
- APPSEC-1276: cross-site scripting located in the custom option title
- APPSEC-1282: "MaliciousCode" filter bypass
- APPSEC-1283: CAPTCHA feature bypass
- APPSEC-1294: SQL injection allowing a remote attacker to access sensitive information stored in the database
- APPSEC-1305: cross-site scripting located in the coupon code field of the Manage Shopping Cart page
- APPSEC-1306: arbitrary file upload. This vulnerability stems from improper validation of file extensions
     
Vulnerable Products   Vulnerable Software:
Magento (MAGENTO) - 1.14, 1.9.1, 1.9.1.1, 1.9.2, 1.9.2.1, 1.9.2.2, 2.0.0
     
Solution   - Enterprise Edition: 1.14.2.3 and 2.0.1.
     
CVE  
     
References   - Magento : SUPEE-7405
https://magento.com/security/patches/supee-7405
- Magento : 2.0.1 Security Update
https://magento.com/security/patches/magento-201-security-update
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm   Available Since
XSS - Prevention - POST : suspicious 'meta' tag found in data   3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data   5.0.0
XSS - Prevention - POST : javascript code found in data   5.0.0
XSS - Prevention - POST : suspicious tag with event found in data   5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data   5.0.0
XSS - Prevention - POST : 'location' javascript object found in data   5.0.0
XSS - Prevention - POST : code allowing cookie access found in data   5.0.0
XSS - Prevention - POST : 'script' tag found in data   5.0.0
XSS - Prevention : suspicious 'script' tag found in header   5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data   5.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-01-20

Target Type   Server

Possible exploit   Remote