From 80ad7b665e0bfc5657cf3a3fbec661bcac258660 Mon Sep 17 00:00:00 2001 From: Matthias Zeis Date: Thu, 25 Jul 2019 13:59:16 +0200 Subject: [PATCH] Mirasvit_Helpdesk vulnerable up to version 1.5.14 (#40) * Mirasvit_Helpdesk vulnerable up to version 1.5.14 There was no security announcement, but Mirasvit_Helpdesk has a "possible XSS security issue" up to 1.5.14: https://mirasvit.com/doc/extension_helpdesk/current/changelog * Add underscore to Mirasvit modules per new procedure --- magento1-vulnerable-extensions.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/magento1-vulnerable-extensions.csv b/magento1-vulnerable-extensions.csv index e7a5000..fc7f10a 100644 --- a/magento1-vulnerable-extensions.csv +++ b/magento1-vulnerable-extensions.csv @@ -64,7 +64,7 @@ Magmi,0.7.22,/magmi/,http://magmi.org/magmi-security-issue-solved/,http://wiki.m Magpleasure_Common,0.8.13,/admin/magpleasure/ajaxform/save/,https://www.alterweb.nl/techtalk/magpleasure_common-security-issue,Abandoned Magpleasure_Filesystem,,,http://www.magpleasure.com/blog/quick-survey-should-we-leave-the-file-system-extension-alive.html, MD_Quickview,,,https://magento.com/security/vulnerabilities/sql-injection-vulnerability, -_Mirasvit_Helpdesk,1.5.3,,https://mirasvit.com/blog/helpdesk-mx-for-magento-1-security-issue.html,https://mirasvit.com/magento-extensions/helpdesk.html +_Mirasvit_Helpdesk,1.5.14,,https://mirasvit.com/doc/extension_helpdesk/current/changelog,https://mirasvit.com/magento-extensions/helpdesk.html _Mirasvit_SEO,1.3.16,,https://mirasvit.com/doc/extension_seosuite/current/changelog,https://mirasvit.com/magento-extensions/advanced-seo-suite.html MW_Affiliate,,mw_aref=,martin@magemojo.com to gwillem@gmail.com, Netgo_Gwishlist,,/netgocust/Gwishlist/updategwishlist/,https://gwillem.gitlab.io/2018/10/23/magecart-extension-0days/,https://github.com/wesleyalmd/mageGwishlist/