"inject arbitrary JavaScript that is triggered when an employee reviews the cancelled order." Funk #javascript https://www.securityweek.com/magento-patches-flaws-leading-site-takeover
Magento recently addressed vulnerabilities that could be exploited by unauthenticated attackers to hijack administrative sessions and then completely take over vulnerable web stores.