SUPEE-6285
Magento has released a new security patch, SUPEE-6285, for versions 1.6 and newer.
The vulnerabilities
This bundle includes protection against the following security-related issues:
- Customer Information Leak via RSS and Privilege Escalation
- Request Forgery in Magento Connect Leads to Code Execution
- Cross-site Scripting in Wishlist
- Cross-site Scripting in Cart
- Store Path Disclosure
- Permissions on Log Files too Broad
- Cross-site Scripting in Admin
- Cross-site Scripting in Orders RSS
What you need to do
You must apply this new security patch as soon as possible. It can be downloaded from https://www.magentocommerce.com/download
You can either patch the store yourself using the instructions below, or submit a (chargeable) maintenance support ticket at https://www.theclientarea.info where our support team can apply the patch on your behalf (est. 5-10 mins application time).
More information
Read more about the patch here: http://us5.campaign-archive1.com/?u=34ff0d4b547cfa0a6a6901212&id=d47fcf1c6d