Magento patch SUPEE-6285

Posted on Posted in Magento

Decription: SUPEE-6285 is a bundle of eight patches that resolves several security-related issues.

Items fixed:

  • Request Forgery in Magento Connect Leads to Code Execution - APPSEC-924
  • Customer Information Leak via RSS and Privilege Escalation - APPSEC-996
  • Cross-site Scripting in Wishlist - APPSEC-1012
  • Cross-site Scripting in Cart - APPSEC-1005
  • Store Path Disclosure - APPSEC-847
  • Permissions on Log Files too Broad - APPSEC-802
  • Cross-site Scripting in Admin - APPSEC-852
  • Cross-site Scripting in Orders RSS - APPSEC-1012

Affected versions:

  • Magento CE prior to
  • Magento EE prior to

Recommended action: Apply patch.

Origin URLs:


Leave a Reply

Your email address will not be published. Required fields are marked *