Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2019-7937
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript.
Magento Magento
4.8
CVSSv3
CVE-2019-7880
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript.
Magento Magento
4.8
CVSSv3
CVE-2019-7866
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor.
Magento Magento
7.5
CVSSv3
CVE-2019-7849
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x before 1.9.4.2, Magento Commerce before 1.14.4.2, Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9 and Magento 2.3 before 2.3.2.
Magento Magento
5.4
CVSSv3
CVE-2019-7921
A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript.
Magento Magento
5.3
CVSSv3
CVE-2019-7852
A path disclosure vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties...
Magento Magento
4.8
CVSSv3
CVE-2019-7927
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript.
Magento Magento
7.5
CVSSv3
CVE-2019-7928
A denial-of-service (DoS) vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magen...
Magento Magento
4.9
CVSSv3
CVE-2019-7929
An information leakage vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http requ...
Magento Magento
7.5
CVSSv3
CVE-2019-7951
An information leakage vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted ...
Magento Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »