Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.5 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-24408
Magento versions 2.4.0 and 2.3.5p1 (and previous versions) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated malicious user to execute XSS attacks...
Magento Magento 2.3.5
Magento Magento 2.4.0
Magento Magento
4.9
CVSSv3
CVE-2020-24402
Magento version 2.4.0 and 2.3.5p1 (and previous versions) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the...
Magento Magento 2.3.5
Magento Magento
Magento Magento 2.4.0
9.8
CVSSv3
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension prior to 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Magento Advanced Newsletter
NA
CVE-2015-5161
The Zend_Xml_Security::scan in ZendXml prior to 1.0.1 and Zend Framework prior to 1.12.14, 2.x prior to 2.4.6, and 2.5.x prior to 2.5.2, when running under PHP-FPM in a threaded environment, allows remote malicious users to bypass security checks and conduct XML external entity (...
Zend Zend Framework 2.2.4
Zend Zend Framework 1.10.6
Zend Zend Framework 2.3.0
Zend Zend Framework 1.10.0
Zend Zend Framework 2.0.6
Zend Zend Framework 1.12.12
Zend Zend Framework 2.0.0
Zend Zend Framework 1.12.0
Zend Zend Framework 1.11.0
Zend Zend Framework 1.10.3
Zend Zend Framework 2.0.2
Zend Zend Framework 1.11.4
Zend Zend Framework 1.7.4
Zend Zend Framework 2.3.6
Zend Zend Framework 1.7.5
Zend Zend Framework 1.12.11
Zend Zend Framework 1.10.5
Zend Zend Framework 1.11.11
Zend Zend Framework 1.10.8
Zend Zend Framework 1.12.2
Zend Zend Framework 2.0.1
Zend Zend Framework 2.1.0
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2