Vulmon
magento magento 2.3.2 vulnerabilities and exploits
6.5
CVSSv3
CVE-2019-7851
A cross-site request forgery vulnerability in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 can lead to unintended data deletion from customer pages.
Magento Magento
7.5
CVSSv3
CVE-2019-7861
Insufficient server-side validation of user input could allow a malicious user to bypass file upload restrictions in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2.
Magento Magento
6.5
CVSSv3
CVE-2019-7874
A cross-site request forgery vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can result in unintended deletion of user roles.
Magento Magento
7.5
CVSSv3
CVE-2019-7854
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 can lead to unauthorized disclosure of company credit history details.
Magento Magento
4.8
CVSSv3
CVE-2019-7862
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2.
Magento Magento
4.3
CVSSv3
CVE-2019-7873
A cross-site request forgery vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can result in unintended deletion of the store design schedule.
Magento Magento
6.5
CVSSv3
CVE-2019-7904
Insufficient enforcement of user access controls in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.
Magento Magento
5.3
CVSSv3
CVE-2019-7855
A cryptographic flaw in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
Magento Magento
5.4
CVSSv3
CVE-2019-8117
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via product view id specification.
Magento Magento
7.5
CVSSv3
CVE-2019-7886
A cryptographic flaw exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security-relevant contexts.
Magento Magento