Magento

Magento

222 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2019-7909

  • EPSS 0.11%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:56

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be ...

7.2

CVE-2019-7911

  • EPSS 0.33%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:56

A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by a...

7.2

CVE-2019-7912

  • EPSS 0.33%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:56

A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filter...

7.2

CVE-2019-7913

  • EPSS 0.25%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:57

A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to e...

7.5

CVE-2019-7915

  • EPSS 0.35%
  • Veröffentlicht 02.08.2019 22:15:17
  • Zuletzt bearbeitet 21.11.2024 04:48:57

A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page...

5.8

CVE-2019-7873

  • EPSS 0.03%
  • Veröffentlicht 02.08.2019 22:15:16
  • Zuletzt bearbeitet 21.11.2024 04:48:54

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

6.5

CVE-2019-7874

  • EPSS 0.03%
  • Veröffentlicht 02.08.2019 22:15:16
  • Zuletzt bearbeitet 21.11.2024 04:48:54

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.

4.8

CVE-2019-7875

  • EPSS 0.11%
  • Veröffentlicht 02.08.2019 22:15:16
  • Zuletzt bearbeitet 21.11.2024 04:48:54

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be ...

8.8

CVE-2019-7876

  • EPSS 0.84%
  • Veröffentlicht 02.08.2019 22:15:16
  • Zuletzt bearbeitet 21.11.2024 04:48:54

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

6.1

CVE-2019-7877

  • EPSS 0.08%
  • Veröffentlicht 02.08.2019 22:15:16
  • Zuletzt bearbeitet 21.11.2024 04:48:54

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.