Magmi Cross-Site Scripting v.0.7.22 CVE-2017-7391 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Magmi Cross-Site Scripting v.0.7.22 CVE-2017-7391 Scanner Detail

Magmi version 0.7.22 allows some harmful javascript code.

A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Some Advice for Common Problems

  • Keep your Magmi application Up-to-Date.
  • In addition to code update processes, organizations should also deploy WAFs to help identify active attacks.

 

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service