CVE-2019-7868
- EPSS 0.08%
- Published 02.08.2019 22:15:15
- Last modified 21.11.2024 04:48:53
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules.
CVE-2019-7869
- EPSS 0.08%
- Published 02.08.2019 22:15:15
- Last modified 21.11.2024 04:48:53
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups.
CVE-2019-7871
- EPSS 0.25%
- Published 02.08.2019 22:15:15
- Last modified 21.11.2024 04:48:53
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP scrip...
CVE-2019-7872
- EPSS 0.09%
- Published 02.08.2019 22:15:15
- Last modified 21.11.2024 04:48:54
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks. This can be abused by a user with admin privileges to ad...
CVE-2019-7849
- EPSS 0.05%
- Published 02.08.2019 22:15:14
- Last modified 21.11.2024 04:48:51
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2....
CVE-2019-7851
- EPSS 0.03%
- Published 02.08.2019 22:15:14
- Last modified 21.11.2024 04:48:51
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.
CVE-2019-7852
- EPSS 0.06%
- Published 02.08.2019 22:15:14
- Last modified 21.11.2024 04:48:51
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location...
CVE-2019-7853
- EPSS 0.1%
- Published 02.08.2019 22:15:14
- Last modified 21.11.2024 04:48:51
A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the ...
CVE-2019-7854
- EPSS 0.09%
- Published 02.08.2019 22:15:14
- Last modified 21.11.2024 04:48:52
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.
CVE-2019-7855
- EPSS 0.24%
- Published 02.08.2019 22:15:14
- Last modified 21.11.2024 04:48:52
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.