Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-8147
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label.
Magento Magento
Magento Magento 2.3.2
312
VMScore
CVE-2019-8148
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder.
Magento Magento 2.3.2
Magento Magento
578
VMScore
CVE-2019-8150
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout.
Magento Magento
Magento Magento 2.3.2
383
VMScore
CVE-2019-8233
In Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.
Magento Magento
Magento Magento 2.3.2
445
VMScore
CVE-2019-8112
A security bypass vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user c...
Magento Magento
Magento Magento 2.3.2
445
VMScore
CVE-2019-8118
Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
Magento Magento
Magento Magento 2.3.2
1 Github repository
578
VMScore
CVE-2019-8151
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a...
Magento Magento
Magento Magento 2.3.2
756
VMScore
CVE-2020-9689
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
828
VMScore
CVE-2020-9691
Magento versions 2.3.5-p1 and previous versions, and 2.3.5-p1 and previous versions have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
Magento Magento
Magento Magento 2.3.5
490
VMScore
CVE-2019-8090
An arbitrary file deletion vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. An authenticated users can manipulate the design layout update feature.
Magento Magento
Magento Magento 2.3.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »