Magento

Magento

222 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2019-8139

  • EPSS 0.18%
  • Published 06.11.2019 00:15:11
  • Last modified 21.11.2024 04:49:21

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product.

4.9

CVE-2019-8140

  • EPSS 0.24%
  • Published 06.11.2019 00:15:11
  • Last modified 21.11.2024 04:49:21

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform upl...

7.2

CVE-2019-8141

  • EPSS 1.6%
  • Published 06.11.2019 00:15:11
  • Last modified 21.11.2024 04:49:21

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar...

5.4

CVE-2019-8142

  • EPSS 0.18%
  • Published 06.11.2019 00:15:11
  • Last modified 21.11.2024 04:49:21

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods f...

6.5

CVE-2019-8143

  • EPSS 0.16%
  • Published 06.11.2019 00:15:11
  • Last modified 21.11.2024 04:49:21

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the ...

9.8

CVE-2019-8144

  • EPSS 2.9%
  • Published 06.11.2019 00:15:11
  • Last modified 21.11.2024 04:49:22

A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.

5.4

CVE-2019-8128

  • EPSS 0.18%
  • Published 06.11.2019 00:15:10
  • Last modified 21.11.2024 04:49:20

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.

5.4

CVE-2019-8129

  • EPSS 0.18%
  • Published 06.11.2019 00:15:10
  • Last modified 21.11.2024 04:49:20

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.

8.8

CVE-2019-8130

  • EPSS 0.13%
  • Published 06.11.2019 00:15:10
  • Last modified 21.11.2024 04:49:20

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instan...

5.4

CVE-2019-8131

  • EPSS 0.18%
  • Published 06.11.2019 00:15:10
  • Last modified 21.11.2024 04:49:20

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source.