There’s a new security vulnerability that has been found with Magento that is pretty severe and security firm Sucuri has summarised the risks:
As this is a Stored XSS vulnerability, this issue could be used by attackers to take over your site, create new administrator accounts, steal client informations, anything a legitimate administrator account is allowed to do.
There are two ways to resolve this problem – and we’d encourage you to speak to your web hosting company as soon as possible to get this patched up.
Here’s some interesting reading for you in the Sucuri Blog.
If you are stuck or need any help give us a call or send an email to [email protected].