PT-2017-7919 · Magento · Magento Community Edition+1

Publicado

2017-12-30

Atualizado

2019-11-15

CVE-2016-10704

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Magento Community Edition versions prior to 2.0.10 Magento Enterprise Edition versions prior to 2.0.10 Magento Community Edition and Enterprise Edition versions 2.1.x prior to 2.1.2

Description The issue is related to cross-site scripting (XSS) via e-mail templates. These templates are mishandled during a preview, allowing for potential exploitation.

Recommendations For Magento Community Edition versions prior to 2.0.10, update to version 2.0.10 or later. For Magento Enterprise Edition versions prior to 2.0.10, update to version 2.0.10 or later. For Magento Community Edition and Enterprise Edition versions 2.1.x prior to 2.1.2, update to version 2.1.2 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2016-10704

Produtos afetados

Magento Community Edition

Magento Enterprise Edition

PT-2017-7919 · Magento · Magento Community Edition+1

CVE-2016-10704

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4