Description
Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Loukas Kalenderidis · textwebappsphp
https://www.exploit-db.com/exploits/32810
exploitdb
WORKING POC
VERIFIED
by Loukas Kalenderidis · textwebappsphp
https://www.exploit-db.com/exploits/32809
exploitdb
WORKING POC
VERIFIED
by Loukas Kalenderidis · textwebappsphp
https://www.exploit-db.com/exploits/32808
References (7)
Core 7
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33872
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1021746
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48876
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48877
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48878
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34000
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0257.html
Scores
EPSS
0.0077
EPSS Percentile
73.6%
Details
CWE
CWE-79
Status
published
Products (2)
magentocommerc/magento
1.2.0
magentocommerc/magento
1.2.1.1
Published
Feb 25, 2009
Tracked Since
Feb 18, 2026