Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2019-7851
A cross-site request forgery vulnerability in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 can lead to unintended data deletion from customer pages.
Magento Magento
5
CVSSv2
CVE-2019-7861
Insufficient server-side validation of user input could allow an malicious user to bypass file upload restrictions in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2.
Magento Magento
4.3
CVSSv2
CVE-2019-7874
A cross-site request forgery vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can result in unintended deletion of user roles.
Magento Magento
3.5
CVSSv2
CVE-2019-7862
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2.
Magento Magento
5
CVSSv2
CVE-2019-7854
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 can lead to unauthorized disclosure of company credit history details.
Magento Magento
5.5
CVSSv2
CVE-2019-7904
Insufficient enforcement of user access controls in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.
Magento Magento
5.8
CVSSv2
CVE-2019-7873
A cross-site request forgery vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can result in unintended deletion of the store design schedule.
Magento Magento
3.5
CVSSv2
CVE-2019-8117
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification.
Magento Magento
5
CVSSv2
CVE-2019-7855
A cryptograhic flaw in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
Magento Magento
5
CVSSv2
CVE-2019-7886
A cryptograhic flaw exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts.
Magento Magento
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »