Magento

222 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.19%
  • Published 06.11.2019 00:15:13
  • Last modified 21.11.2024 04:49:32

In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.

  • EPSS 0.19%
  • Published 06.11.2019 00:15:13
  • Last modified 21.11.2024 04:49:32

In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.

  • EPSS 0.15%
  • Published 06.11.2019 00:15:13
  • Last modified 21.11.2024 04:49:32

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race con...

  • EPSS 0.53%
  • Published 06.11.2019 00:15:13
  • Last modified 21.11.2024 04:49:32

In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.

  • EPSS 0.18%
  • Published 06.11.2019 00:15:12
  • Last modified 21.11.2024 04:49:22

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores.

  • EPSS 0.18%
  • Published 06.11.2019 00:15:12
  • Last modified 21.11.2024 04:49:22

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label.

  • EPSS 2.14%
  • Published 06.11.2019 00:15:12
  • Last modified 21.11.2024 04:49:22

A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder.

  • EPSS 0.42%
  • Published 06.11.2019 00:15:12
  • Last modified 21.11.2024 04:49:22

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authenticat...

  • EPSS 1.13%
  • Published 06.11.2019 00:15:12
  • Last modified 21.11.2024 04:49:22

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout.

  • EPSS 1.11%
  • Published 06.11.2019 00:15:12
  • Last modified 21.11.2024 04:49:22

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request f...