Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.6 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-21024
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an una...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
NA
CVE-2021-21026
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
4.8
CVSSv3
CVE-2021-21029
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution i...
Magento Magento
Magento Magento 2.3.6
Magento Magento 2.4.0
Magento Magento 2.4.1
NA
CVE-2021-21030
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
NA
CVE-2021-21031
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not req...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
NA
CVE-2021-21032
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin cons...
Magento Magento
Magento Magento 2.4.1
Magento Magento 2.4.0
Magento Magento 2.3.6
4.2
CVSSv3
CVE-2021-28583
Magento versions 2.4.2 (and previous versions), 2.4.1-p1 (and previous versions) and 2.3.6-p1 (and previous versions) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an malicious user to get un...
Magento Magento
Magento Magento 2.3.6
Magento Magento 2.4.1
Magento Magento 2.4.2
7.2
CVSSv3
CVE-2021-28584
Magento versions 2.4.2 (and previous versions), 2.4.1-p1 (and previous versions) and 2.3.6-p1 (and previous versions) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an auth...
Magento Magento
Magento Magento 2.3.6
Magento Magento 2.4.1
Magento Magento 2.4.2
5.3
CVSSv3
CVE-2021-28585
Magento versions 2.4.2 (and previous versions), 2.4.1-p1 (and previous versions) and 2.3.6-p1 (and previous versions) are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation could allow an malicious user to send unsolicited sp...
Magento Magento
Magento Magento 2.3.6
Magento Magento 2.4.1
Magento Magento 2.4.2
4.8
CVSSv3
CVE-2021-28556
Magento versions 2.4.2 (and previous versions), 2.4.1-p1 (and previous versions) and 2.3.6-p1 (and previous versions) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by a...
Magento Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »