Virtually all versions of Magento CE before 22.214.171.124 and Magento EE prior to 126.96.36.199 are at risk. The cause of the vulnerability is a portion of code badly written in Magento’s core libraries, back-end, or administrative control panel. The type of vulnerability is stored Cross-site Scripting (XSS), probably the most vulnerable source for sites around the world.
All sites created or maintained by Deltamatica on a Magento basis have been updated within 2 hours after patch release. In the 24 hours following the release of the vulnerability, several attack attempts were detected.