CVE-2019-8121
- EPSS 0.18%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulne...
CVE-2019-8122
- EPSS 1.13%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product funct...
CVE-2019-8123
- EPSS 0.09%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did no...
CVE-2019-8124
- EPSS 0.2%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
CVE-2019-8125
- EPSS 1.06%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:19
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
CVE-2019-8126
- EPSS 0.11%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:20
An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definiti...
CVE-2019-8127
- EPSS 0.14%
- Published 05.11.2019 23:15:12
- Last modified 21.11.2024 04:49:20
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and re...
CVE-2019-8091
- EPSS 1.06%
- Published 05.11.2019 23:15:11
- Last modified 21.11.2024 04:49:16
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
CVE-2019-8092
- EPSS 0.18%
- Published 05.11.2019 23:15:11
- Last modified 21.11.2024 04:49:16
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview.
CVE-2019-8093
- EPSS 0.2%
- Published 05.11.2019 23:15:11
- Last modified 21.11.2024 04:49:16
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage the file upload controller for downloadable products to read or delete arbitrary files.