Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-8152
A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 before 1.9.4.3 and 1.14.4.3, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malici...
Magento Magento
Magento Magento 2.3.2
6.1
CVSSv3
CVE-2019-8153
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious X...
Magento Magento
Magento Magento 2.3.2
8.8
CVSSv3
CVE-2019-8159
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribitrary code through arbitrary file deletion and OS command injection.
Magento Magento
Magento Magento 2.3.2
5.4
CVSSv3
CVE-2019-8092
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview.
Magento Magento 2.3.2
Magento Magento
8.8
CVSSv3
CVE-2019-8093
An arbitrary file access vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv3
CVE-2019-8107
An arbitrary file deletion vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion.
Magento Magento 2.3.2
Magento Magento
8
CVSSv3
CVE-2019-8109
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
Magento Magento
Magento Magento 2.3.2
5.3
CVSSv3
CVE-2019-8113
Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
Magento Magento
Magento Magento 2.3.2
5.3
CVSSv3
CVE-2019-8118
Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
Magento Magento
Magento Magento 2.3.2
1 Github repository
7.5
CVSSv3
CVE-2019-7860
A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2.
Magento Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »