 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2009-0541 |
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.105224 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-0541 BugTraq ID: 33872 http://www.securityfocus.com/bid/33872 http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0257.html http://securitytracker.com/id?1021746 http://secunia.com/advisories/34000 XForce ISS Database: magento-forgotpasswordaction-xss(48877) https://exchange.xforce.ibmcloud.com/vulnerabilities/48877 XForce ISS Database: magento-login-xss(48876) https://exchange.xforce.ibmcloud.com/vulnerabilities/48876 XForce ISS Database: magneto-downloader-xss(48878) https://exchange.xforce.ibmcloud.com/vulnerabilities/48878 |