A trio of vulnerabilities were recently patched in eBay s Magento e-commerce web application that could have let attackers carry out a handful of exploits, including phishing, session hijacking, and data interception. A researcher at the firm Vulnerability Lab dug up the problems earlier this year but it wasn’t until this week that they were disclosed, along with proof of concept logs and videos. Web stores running on Magento, purchased from eBay in 2011, make up about 30 percent of the eCommerce market.
Source: https://threatpost.com/trio-of-vulnerabilities-patched-in-magneto-web-app/113399/