CVE-2019-8121
- EPSS 0.18%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jQuery, Knockout) with known security vulne...
CVE-2019-8122
- EPSS 1.13%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft a custom layout update and use import product funct...
CVE-2019-8123
- EPSS 0.09%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did no...
CVE-2019-8124
- EPSS 0.2%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
CVE-2019-8125
- EPSS 1.06%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
CVE-2019-8126
- EPSS 0.11%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:20
An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft a document type definition for an XML representing XML layout. The crafted document type definiti...
CVE-2019-8127
- EPSS 0.14%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:20
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and re...
CVE-2019-8091
- EPSS 1.06%
- Published 05.11.2019 23:15:11
- Last modified 21.11.2024 04:49:16
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
CVE-2019-8092
- EPSS 0.18%
- Published 05.11.2019 23:15:11
- Last modified 21.11.2024 04:49:16
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview.
CVE-2019-8093
- EPSS 0.2%
- Published 05.11.2019 23:15:11
- Last modified 21.11.2024 04:49:16
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage the file upload controller for downloadable products to read/delete arbitrary files.