Magento ≫ Magento

222 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

4.8

CVE-2019-7938

EPSS 0.11%
Published 02.08.2019 22:15:18
Last modified 21.11.2024 04:48:58

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be ...

7.2

CVE-2019-7892

EPSS 0.83%
Published 02.08.2019 22:15:17
Last modified 21.11.2024 04:48:55

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server...

7.2

CVE-2019-7895

EPSS 0.9%
Published 02.08.2019 22:15:17
Last modified 21.11.2024 04:48:55

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update...

7.2

CVE-2019-7896

EPSS 0.9%
Published 02.08.2019 22:15:17
Last modified 21.11.2024 04:48:55

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of pr...

4.8

CVE-2019-7897

EPSS 0.11%
Published 02.08.2019 22:15:17
Last modified 21.11.2024 04:48:56

5.3

CVE-2019-7898

EPSS 0.06%
Published 02.08.2019 22:15:17
Last modified 21.11.2024 04:48:56

Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation...

5.3

CVE-2019-7899

EPSS 0.06%
Published 02.08.2019 22:15:17
Last modified 21.11.2024 04:48:56

Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2....

7.2

CVE-2019-7903

EPSS 0.92%
Published 02.08.2019 22:15:17
Last modified 21.11.2024 04:48:56

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious t...

6.5

CVE-2019-7904

EPSS 0.06%
Published 02.08.2019 22:15:17
Last modified 21.11.2024 04:48:56

Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.

4.8

CVE-2019-7908

EPSS 0.11%
Published 02.08.2019 22:15:17
Last modified 21.11.2024 04:48:56

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product informati...

<1...14151617181920...23>