Those of you running Magento might have noticed a critical warning regarding a new security patch in your admin panel. This patch fixes a number of permissions and cross site scripting vulnerabilities. A cross site scripting (or XSS) attack is carried out by injecting malicious code into a standard web page. This code is then sent back to the web server to be processed. If the validation carried out by the web server is not sufficient, then the malicious code can give the attacker access to the server or allow them to carry out malicious actions.
If we currently host your ecommerce site, no need to panic, your Magento installation has already been patched to address these exploits. By announcing new security patches, Magento also makes hackers aware of the vulnerabilities so it is vitally important that these patches are carried out as soon as they are fixed.
If you aren’t hosting your Magento with us, get in touch and one of our Magento experts can let you know if you’ve been patched yet.