Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.4.2 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2021-21029
Magento versions 2.4.1 (and previous versions), 2.4.0-p1 (and previous versions) and 2.3.6 (and previous versions) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution i...
Magento Magento
Magento Magento 2.3.6
Magento Magento 2.4.0
Magento Magento 2.4.1
6.5
CVSSv3
CVE-2021-28567
Magento versions 2.4.2 (and previous versions), 2.4.1-p1 (and previous versions) and 2.3.6-p1 (and previous versions) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer da...
Magento Magento
4.8
CVSSv3
CVE-2021-28556
Magento versions 2.4.2 (and previous versions), 2.4.1-p1 (and previous versions) and 2.3.6-p1 (and previous versions) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by a...
Magento Magento
6.6
CVSSv3
CVE-2023-38249
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
6.6
CVSSv3
CVE-2023-38250
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
5.3
CVSSv3
CVE-2023-38251
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-se...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
8.8
CVSSv3
CVE-2023-38218
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information expo...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
8.7
CVSSv3
CVE-2023-38219
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged maliciou...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
7.5
CVSSv3
CVE-2023-38220
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that ...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
6.6
CVSSv3
CVE-2023-38221
Adobe Commerce versions 2.4.7-beta1 (and previous versions), 2.4.6-p2 (and previous versions), 2.4.5-p4 (and previous versions) and 2.4.4-p5 (and previous versions) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v...
Adobe Commerce 2.3.7
Adobe Commerce 2.4.3
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce 2.4.6
Adobe Magento 2.4.4
Adobe Magento 2.4.5
Adobe Magento 2.4.6
Adobe Commerce 2.4.0
Adobe Commerce 2.4.1
Adobe Commerce 2.4.2
Adobe Magento 2.4.7
Adobe Commerce 2.4.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »