A bug in the popular Magento e-commerce platform was found by James Gollat, who was testing the backend to see if it was possible to delete products offline when launching an HTTP head fake.
The security update addresses a critical vulnerability in Magento. This is the 8th critical Patch Update of 2016. Adobe has urged users to update their systems to protect their websites from abuse of the flaw, which has been assigned the maximum possible severity (CVSS) score of 10.
CVE-2022-35698, a stored XSS vulnerability, was patched by Adobe. You can confirm the patch installation with your Magento developer or by reaching out to your Magento development partner.
The security risk allows hackers to get hold of customer information as well as to take control of the entire website.
The flaw affects versions 2.4.4-p1 and earlier, as well as 2.4.5 and earlier, of Adobe Commerce and Magento Open Source, and is addressed in versions 2.4.5-p1 and 2.4.4-p2.
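One way to check an installed version against the ranges above, as an added example that is not Adobe's or Magento's own code. The function names are hypothetical, the sample strings are constructed, and treating release lines older than 2.4.4 as affected and lines newer than 2.4.5 as fixed is an assumption drawn from the "and earlier" wording.

```python
import re

# Patch level at which each release line is fixed, as stated in the text above.
FIXED_PATCH_LEVEL = {(2, 4, 4): 2, (2, 4, 5): 1}

# Matches "2.4.5" or "2.4.4-p1", alone or embedded in a longer line.
# The lookahead rejects suffixes this check does not understand (e.g. "-beta1").
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?(?![\w.-])")


def parse_version(text):
    """Return ((major, minor, patch), patch_level); patch_level is 0 without -pN."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, level = match.groups()
    return (int(major), int(minor), int(patch)), int(level or 0)


def is_affected(text):
    """True when the version falls inside the affected ranges quoted above."""
    line, level = parse_version(text)
    if line in FIXED_PATCH_LEVEL:
        # Same release line as a fixed build: compare the -pN security patch level.
        return level < FIXED_PATCH_LEVEL[line]
    # Assumption: older lines count as "earlier" (affected); newer lines
    # were released after the fix and are treated as not affected.
    return line < (2, 4, 4)


if __name__ == "__main__":
    # Constructed sample inputs, including one shaped like a CLI version banner.
    samples = ["2.4.4-p1", "2.4.4-p2", "2.4.5", "Magento CLI 2.4.5-p1", "2.4.3-p3"]
    for sample in samples:
        status = "AFFECTED, update" if is_affected(sample) else "fixed"
        print(f"{sample:24} {status}")
```

Pre-release strings such as `2.4.5-beta1` raise `ValueError` instead of being guessed at, so an unexpected version is surfaced for manual review.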
The vulnerability could affect as many as 267,000 e-commerce stores that are running on Magento.
Keep reading our blog to stay updated with more Magento news, updates, and security-related information.