Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-7858
A cryptographic flaw in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9 and Magento 2.3 before 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.
Magento Magento
7.5
CVSSv3
CVE-2019-7859
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
Magento Magento
5.3
CVSSv3
CVE-2019-7864
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can lead to unauthorized access to order details.
Magento Magento
8.8
CVSSv3
CVE-2019-7876
A remote code execution vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
Magento Magento
7.3
CVSSv3
CVE-2019-7890
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can lead to unauthorized access to order details.
Magento Magento
5.4
CVSSv3
CVE-2019-7881
A cross-site scripting mitigation bypass exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).
Magento Magento
6.5
CVSSv3
CVE-2019-7888
An information disclosure vulnerability exists in Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template.
Magento Magento
6.1
CVSSv3
CVE-2019-7877
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.
Magento Magento
4.8
CVSSv3
CVE-2019-7863
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an authenticated user with access to products and categories.
Magento Magento
4.8
CVSSv3
CVE-2019-7869
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, Magento 2.3 before 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups.
Magento Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »