Magento

Magento

222 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2019-7938

  • EPSS 0.11%
  • Veröffentlicht 02.08.2019 22:15:18
  • Zuletzt bearbeitet 21.11.2024 04:48:58

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be ...

7.2

CVE-2019-7892

  • EPSS 0.83%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:55

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server...

7.2

CVE-2019-7895

  • EPSS 0.9%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:55

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update...

7.2

CVE-2019-7896

  • EPSS 0.9%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:55

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of pr...

4.8

CVE-2019-7897

  • EPSS 0.11%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:56

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be ...

5.3

CVE-2019-7898

  • EPSS 0.06%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:56

Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation...

5.3

CVE-2019-7899

  • EPSS 0.06%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:56

Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2....

7.2

CVE-2019-7903

  • EPSS 0.92%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:56

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious t...

6.5

CVE-2019-7904

  • EPSS 0.06%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:56

Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.

4.8

CVE-2019-7908

  • EPSS 0.11%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:56

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product informati...