Description

The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status.

Remediation

References

CVE-2016-2212

Related Vulnerabilities

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5715)

WordPress Plugin Random image gallery with pretty photo zoom Cross-Site Scripting (7.4)

IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2023-38370)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (2.5.2.1)

WordPress Plugin Advanced Dynamic Pricing for WooCommerce Multiple Vulnerabilities (4.1.5)

Severity

Medium

Classification

CVE-2016-2212 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities