Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-7937
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript.
Magento Magento
312
VMScore
CVE-2019-7866
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor.
Magento Magento
312
VMScore
CVE-2019-7880
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript.
Magento Magento
578
VMScore
CVE-2019-7871
A security bypass exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.
Magento Magento
578
VMScore
CVE-2019-7896
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and X...
Magento Magento
312
VMScore
CVE-2019-7921
A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript.
Magento Magento
445
VMScore
CVE-2019-7849
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x before 1.9.4.2, Magento Commerce before 1.14.4.2, Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9 and Magento 2.3 before 2.3.2.
Magento Magento
356
VMScore
CVE-2019-7929
An information leakage vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http requ...
Magento Magento
312
VMScore
CVE-2019-7936
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript.
Magento Magento
445
VMScore
CVE-2019-7852
A path disclosure vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties...
Magento Magento
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »