Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2019-7851
A cross-site request forgery vulnerability in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 can lead to unintended data deletion from customer pages.
Magento Magento
445
VMScore
CVE-2019-7861
Insufficient server-side validation of user input could allow an malicious user to bypass file upload restrictions in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2.
Magento Magento
383
VMScore
CVE-2019-7874
A cross-site request forgery vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can result in unintended deletion of user roles.
Magento Magento
445
VMScore
CVE-2019-7854
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 can lead to unauthorized disclosure of company credit history details.
Magento Magento
312
VMScore
CVE-2019-7862
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2.
Magento Magento
516
VMScore
CVE-2019-7873
A cross-site request forgery vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can result in unintended deletion of the store design schedule.
Magento Magento
490
VMScore
CVE-2019-7904
Insufficient enforcement of user access controls in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.
Magento Magento
312
VMScore
CVE-2019-8117
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification.
Magento Magento
445
VMScore
CVE-2019-7855
A cryptograhic flaw in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
Magento Magento
445
VMScore
CVE-2019-7886
A cryptograhic flaw exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts.
Magento Magento
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »