Decription: SUPEE-6285 is a bundle of eight patches that resolves several security-related issues.
- Request Forgery in Magento Connect Leads to Code Execution - APPSEC-924
- Customer Information Leak via RSS and Privilege Escalation - APPSEC-996
- Cross-site Scripting in Wishlist - APPSEC-1012
- Cross-site Scripting in Cart - APPSEC-1005
- Store Path Disclosure - APPSEC-847
- Permissions on Log Files too Broad - APPSEC-802
- Cross-site Scripting in Admin - APPSEC-852
- Cross-site Scripting in Orders RSS - APPSEC-1012
- Magento CE prior to 126.96.36.199
- Magento EE prior to 188.8.131.52
Recommended action: Apply patch.