CVE-2015-2068: Cross Site Scripting

February 24, 2015 (updated November 29, 2016)

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.

References

github.com/dweeves/magmi-git/commit/408320a2118f7474a482e968cd72c881bc712564
github.com/dweeves/magmi-git/releases/tag/0.7.22

Detect and mitigate CVE-2015-2068 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →