Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magento magento 2.3.2 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-8133
A security bypass vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which ca...
Magento Magento
Magento Magento 2.3.2
4.9
CVSSv3
CVE-2019-8140
An unrestricted file upload vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file.
Magento Magento
Magento Magento 2.3.2
6.6
CVSSv3
CVE-2019-8232
In Magento before 1.9.4.3, Magento before 1.14.4.3, Magento 2.2 before 2.2.10, and Magento 2.3 before 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configura...
Magento Magento 2.3.2
Magento Magento
6.1
CVSSv3
CVE-2019-8233
In Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.
Magento Magento
Magento Magento 2.3.2
9.8
CVSSv3
CVE-2019-8135
A remote code execution vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution.
Magento Magento
Magento Magento 2.3.2
5.4
CVSSv3
CVE-2019-8139
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product.
Magento Magento 2.3.2
Magento Magento
7.2
CVSSv3
CVE-2019-8141
A remote code execution vulnerability exists in Magento 2.1 before 2.1.19, Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization vulnerability in th...
Magento Magento 2.3.2
Magento Magento
9.8
CVSSv3
CVE-2019-8144
A remote code execution vulnerability exists in Magento 2.3 before 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.
Magento Magento
Magento Magento 2.3.2
5.4
CVSSv3
CVE-2019-8146
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 before 2.2.10, Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores.
Magento Magento
Magento Magento 2.3.2
4.8
CVSSv3
CVE-2019-8148
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 before 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder.
Magento Magento 2.3.2
Magento Magento
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »