Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-8114
A remote code execution vulnerability exists in Magento 1 before 1.9.4.3 and 1.14.4.3, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file...
Magento Magento 2.3.2
Magento Magento
5
CVSSv2
CVE-2019-8116
Insecure authentication and session management vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page.
Magento Magento 2.3.2
Magento Magento
5
CVSSv2
CVE-2019-8118
Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
Magento Magento
Magento Magento 2.3.2
1 Github repository
4
CVSSv2
CVE-2019-8124
An insufficient logging and monitoring vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
Magento Magento
Magento Magento 2.3.2
4
CVSSv2
CVE-2019-8126
An XML entity injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing...
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8127
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively pe...
Magento Magento
Magento Magento 2.3.2
3.5
CVSSv2
CVE-2019-8128
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.
Magento Magento 2.3.2
Magento Magento
3.5
CVSSv2
CVE-2019-8129
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8130
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates.
Magento Magento
Magento Magento 2.3.2
3.5
CVSSv2
CVE-2019-8131
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source.
Magento Magento 2.3.2
Magento Magento
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »