Adobe

Adobe Commerce

42 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2021-36026

  • EPSS 2.06%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:58

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious s...

6.1

CVE-2021-36027

  • EPSS 2.06%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:58

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Mal...

7.2

CVE-2021-36028

  • EPSS 11.33%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:58

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script ...

7.2

CVE-2021-36029

  • EPSS 4.99%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code...

7.5

CVE-2021-36030

  • EPSS 1.43%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter...

6.5

CVE-2021-36031

  • EPSS 10.31%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability...

8.8

CVE-2021-36032

  • EPSS 0.87%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/m...

7.2

CVE-2021-36033

  • EPSS 11.33%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve re...

7.2

CVE-2021-36034

  • EPSS 5.48%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code exe...

7.2

CVE-2021-36035

  • EPSS 7.25%
  • Published 01.09.2021 15:15:09
  • Last modified 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve...