Vulmon
magento magento 2.3.2 vulnerabilities and exploits
CVSSv2: 5
CVE-2019-7859
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
Magento Magento
CVSSv2: 5
CVE-2019-7858
A cryptographic flaw in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9 and Magento 2.3 before 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.
Magento Magento
CVSSv2: 5
CVE-2019-7864
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can lead to unauthorized access to order details.
Magento Magento
CVSSv2: 6.5
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
Magento Magento
CVSSv2: 7.5
CVE-2019-7890
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can lead to unauthorized access to order details.
Magento Magento
CVSSv2: 4.3
CVE-2019-7877
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.
Magento Magento
CVSSv2: 3.5
CVE-2019-7881
A cross-site scripting mitigation bypass exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).
Magento Magento
CVSSv2: 4
CVE-2019-7888
An information disclosure vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template.
Magento Magento
CVSSv2: 6.5
CVE-2019-7903
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template.
Magento Magento
CVSSv2: 4.3
CVE-2019-7947
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source before 1.9.4.2, and Magento Commerce before 1.14.4.2, Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2.
Magento Magento