Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2019-8113
Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
Magento Magento
Magento Magento 2.3.2
4.9
CVSSv3
CVE-2019-8124
An insufficient logging and monitoring vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
Magento Magento
Magento Magento 2.3.2
5.4
CVSSv3
CVE-2019-8128
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.
Magento Magento 2.3.2
Magento Magento
5.4
CVSSv3
CVE-2019-8131
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source.
Magento Magento 2.3.2
Magento Magento
8.8
CVSSv3
CVE-2019-8134
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables.
Magento Magento 2.3.2
Magento Magento
9.8
CVSSv3
CVE-2019-8136
An insecure component vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component.
Magento Magento
Magento Magento 2.3.2
5.4
CVSSv3
CVE-2019-8139
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product.
Magento Magento 2.3.2
Magento Magento
5.4
CVSSv3
CVE-2019-8142
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store.
Magento Magento 2.3.2
Magento Magento
6.5
CVSSv3
CVE-2019-8143
A SQL injection vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database.
Magento Magento 2.3.2
Magento Magento
9.8
CVSSv3
CVE-2019-8144
A remote code execution vulnerability exists in Magento 2.3 before 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.
Magento Magento
Magento Magento 2.3.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »