Vulnerabilities > Adobe > Magento Open Source
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-12 | CVE-2022-24093 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. | 7.2 |
2023-03-27 | CVE-2023-22247 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. | 7.5 |
2022-10-14 | CVE-2022-35698 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. | 5.4 |
2021-09-01 | CVE-2021-36020 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. | 9.8 |
2021-09-01 | CVE-2021-36022 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. | 7.2 |
2021-09-01 | CVE-2021-36024 | Command Injection vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. | 7.2 |
2021-09-01 | CVE-2021-36025 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file. | 7.2 |
2021-09-01 | CVE-2021-36026 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
2021-09-01 | CVE-2021-36027 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
2021-09-01 | CVE-2021-36028 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. | 7.2 |