Magento

Magento

222 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2019-7909

  • EPSS 0.11%
  • Published 02.08.2019 22:15:17
  • Last modified 21.11.2024 04:48:56

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be ...

7.2

CVE-2019-7911

  • EPSS 0.33%
  • Published 02.08.2019 22:15:17
  • Last modified 21.11.2024 04:48:56

A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by a...

7.2

CVE-2019-7912

  • EPSS 0.33%
  • Published 02.08.2019 22:15:17
  • Last modified 21.11.2024 04:48:56

A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filter...

7.2

CVE-2019-7913

  • EPSS 0.25%
  • Published 02.08.2019 22:15:17
  • Last modified 21.11.2024 04:48:57

A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to e...

7.5

CVE-2019-7915

  • EPSS 0.35%
  • Published 02.08.2019 22:15:17
  • Last modified 21.11.2024 04:48:57

A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page...

5.8

CVE-2019-7873

  • EPSS 0.03%
  • Published 02.08.2019 22:15:16
  • Last modified 21.11.2024 04:48:54

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule.

6.5

CVE-2019-7874

  • EPSS 0.03%
  • Published 02.08.2019 22:15:16
  • Last modified 21.11.2024 04:48:54

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.

4.8

CVE-2019-7875

  • EPSS 0.11%
  • Published 02.08.2019 22:15:16
  • Last modified 21.11.2024 04:48:54

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be ...

8.8

CVE-2019-7876

  • EPSS 0.84%
  • Published 02.08.2019 22:15:16
  • Last modified 21.11.2024 04:48:54

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

6.1

CVE-2019-7877

  • EPSS 0.08%
  • Published 02.08.2019 22:15:16
  • Last modified 21.11.2024 04:48:54

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.