Virtually all versions of Magento CE before 184.108.40.206 and Magento EE prior to 220.127.116.11 are at risk. The cause of the vulnerability is a portion of code badly written in Magento’s core libraries, back-end, or administrative control panel. The type of vulnerability is stored Cross-site Scripting (XSS), probably the most vulnerable source for sites around the world.
All sites created or maintained by Deltamatica on a Magento basis have been updated within 2 hours after patch release. In the 24 hours following the release of the vulnerability, several attack attempts were detected.