XSS in Magmi_project Magmi

CVE-2015-2068

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUER…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.019 (83.8th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

  • 74879 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
  • cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
  • 35996 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2015-2068?

CVE-2015-2068 is a vulnerability in Magmi_project Magmi, classified under Cross-site Scripting. Published 2015-02-24.

Is CVE-2015-2068 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.