CVE-2015-2068

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.
References
Link Resource
http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html Exploit Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/35996 Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/74879 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:magmi_project:magmi:-:*:*:*:*:magento_server:*:*

Information

Published : 2015-02-24 09:59

Updated : 2020-07-06 08:06


NVD link : CVE-2015-2068

Mitre link : CVE-2015-2068


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

magmi_project

  • magmi