Security News > 2017 > May > Defeating Magento security mechanisms: Attacks used in the real world (Help Net Security)

DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in one of the future patches. In light of these findings, this article describes examples of several attacks used in the real world that combine common vulnerabilities with faulty security mechanisms in Magento, leading to an unfavourable outcome. Examples will be aimed at Magento 2, but most of them can be applied … More →

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/YDAckUOBGew/