Varien Magento versions 1.2.0 and 220.127.116.11 contain multiple cross-site scripting vulnerabilities that could allow an unauthenticated, remote attacker to execute script code in a user's browser in the security context of an affected site.
The first vulnerability exists in the username field of the index.php/admin/ page, and the second vulnerability exists in the e-mail address field of the index.php/admin/index/forgotpassword/ page. The third vulnerability exists in the return parameter of the downloader page. An unauthenticated, remote attacker could exploit these vulnerabilities by creating malicious links that, when clicked by a targeted user, inject script code into the vulnerable parameter of the affected web page. An exploit could result in arbitrary code execution in the user's browser in the security context of the affected site, which could allow the attacker to obtain authentication cookies and possibly take actions on the affected site as the user.
An attacker must rely on social engineering tactics to convince a user to follow a crafted link, which may be delivered via e-mail or an instant messenger application.
Varien has not confirmed these vulnerabilities, and updated software is not available.