Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-8153
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious X...
Magento Magento
Magento Magento 2.3.2
3.5
CVSSv2
CVE-2019-8157
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an invocation of error handling that acceses user input without sanitization.
Magento Magento 2.3.2
Magento Magento
6
CVSSv2
CVE-2019-8232
In Magento before 1.9.4.3, Magento before 1.14.4.3, Magento 2.2 before 2.2.10, and Magento 2.3 before 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configura...
Magento Magento 2.3.2
Magento Magento
6.5
CVSSv2
CVE-2019-8093
An arbitrary file access vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8114
A remote code execution vulnerability exists in Magento 1 before 1.9.4.3 and 1.14.4.3, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file...
Magento Magento 2.3.2
Magento Magento
5
CVSSv2
CVE-2019-8118
Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
Magento Magento
Magento Magento 2.3.2
1 Github repository
3.5
CVSSv2
CVE-2019-8129
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.
Magento Magento
Magento Magento 2.3.2
6.5
CVSSv2
CVE-2019-8130
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates.
Magento Magento
Magento Magento 2.3.2
3.5
CVSSv2
CVE-2019-8132
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name field for Email template in the "Design Configuration" dashboard.
Magento Magento
Magento Magento 2.3.2
4
CVSSv2
CVE-2019-8133
A security bypass vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which ca...
Magento Magento
Magento Magento 2.3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »