Vulnerabilities > Adobe > Adobe Commerce > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-01 CVE-2021-36012 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation.
network
low complexity
adobe
6.5
6.5
2021-09-01 CVE-2021-36026 Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe CWE-79
6.1
6.1
2021-09-01 CVE-2021-36027 Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe CWE-79
6.1
6.1
2021-09-01 CVE-2021-36037 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability.
network
low complexity
adobe
6.5
6.5
2021-09-01 CVE-2021-36038 Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module.
network
low complexity
adobe CWE-20
6.5
6.5
2021-09-01 CVE-2021-36039 Incorrect Authorization vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter.
network
low complexity
adobe CWE-863
6.5
6.5
2021-09-01 CVE-2021-36043 Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension.
network
high complexity
adobe CWE-918
6.6
6.6