Perhaps there are a lot of vulnerabilities sometimes will be ignored. Why? For instance cross-site scripting will be occurred on client or server side. If there is a cross-site scripting (XSS) vulnerability in the web application, it is not possible to prevent CSRF (cross site request forgery) since the cross site scripting will allow the attacker to grab the token and include the token with a forged request. However cross-site scripting (XSS) and CSRF are only the medium risk rating vulnerability in app scan definitions. As a result it couldn’t draw the software developers attention. OnePlus Confirms Credit Card Breach Impacted Up to 40,000 Customers. A security expert found that Oneplus exploiting Magento eCommerce platform. Magento found XSS and CSRF vulnerabilities last year on May 2017. The patch released on Sep 2017. Do you think XSS and CSRF are the culprit of this credit card data breach incident? For more details about OnePlus credit card data breach incident status update. Please refer below url for reference.
Remark: Magento is an open source platform that provides merchants with control over their online stores and a shopping cart system, as well as tools to improve the visibility and management of the shop.