Local Storage seems to be disabled in your browser.
For the best experience on our site, be sure to turn on Local Storage in your browser.

Build your own Magento store from $500/mo Check Now
Hire our certified developer at $12/hr Hire Now
Our CVE-2025-54236 Session Reaper Patch is released!! Install Now
My Cart
Email / Chat
Skype & Line
Search
Menu
Client Area

XXE

  1. Security How to

    Why `\Magento\Framework\Xml\Security` is not secure? And how to bypass

    wubinworks team - December 19, 2024 92

    Class \Magento\Framework\Xml\Security in Magento 2 framework is intended to prevent XXE and its scan method can detect entities in XML input, by design. However, we found a way to bypass the scan method...

    Read more
  2. Security How to

    CVE-2024-34102(a.k.a CosmicSting) How to Defend

    wubinworks team - September 12, 2024 205

    How to fix CVE-2024-34102 -- a CVSS Score 9.8(Critical) and RCE possible vulnerability? Upgrade Magento to greater than 2.4.7-p1 is the best solution, but sometimes this could not be done in a few days...

    Read more
  3. Security How to

    CVE-2024-34102(a.k.a CosmicSting) How to Attack

    wubinworks team - September 10, 2024 206

    CVE-2024-34102(Now it can be chained with another bug to RCE) was discovered in 2023 and its details were published in June 2024. There already exists verified exploit script on the internet. By exploiting...

    Read more
Categories
Recent Posts
`magento` appears in URL when "Use Web Server Rewrites" set to "No" and in CLI environment
`magento` appears in URL when "Use Web Server Rewrites" set to "No" and in CLI environment
July 01, 2025
CVE-2024-34102 Cosmic Sting Online Checker
CVE-2024-34102 Cosmic Sting Online Checker
March 09, 2025
Correct Way To Detect Customer Login On Magento 2 Frontend With Full Page Cache
Correct Way To Detect Customer Login On Magento 2 Frontend With Full Page Cache
February 10, 2025
How to display a notice when customer selects certain Payment Method in Magento 2?
How to display a notice when customer selects certain Payment Method in Magento 2?
January 23, 2025
Customization for searching empty field in Magento 2 Admin Grid
Customization for searching empty field in Magento 2 Admin Grid
December 31, 2024
Archive
July 2025
March 2025
February 2025
January 2025
December 2024
September 2024
August 2024
Tags
Magento 2 security CVE-2034-34102 Cosmic Sting Customization Development Bug Cache CDN Full Page Cache cve WebAPI How to XXE security tool CosmicSting Performance Varnish How It Works encryption key Knockout.js Javascript Frontend Block Cache Cache Lifetime Layout Cache FPC X-Magento-Tags ESI Block Tags IdentityInterface Cache Purging TTL attack defend JWT Authentication key rotation token config.xml ModularConfigSource xml framework Admin Grid Filter UI Component Search Criteria SQL Checkout Payment Method