Vulnerabilities > Adobe > Magento Open Source > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2022-24093 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe
7.2
2023-03-27 CVE-2023-22247 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read.
network
low complexity
adobe
7.5
2021-09-01 CVE-2021-36022 XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout.
network
low complexity
adobe CWE-91
7.2
2021-09-01 CVE-2021-36024 Command Injection vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint.
network
low complexity
adobe CWE-77
7.2
2021-09-01 CVE-2021-36025 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file.
network
low complexity
adobe
7.2
2021-09-01 CVE-2021-36028 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product.
network
low complexity
adobe
7.2
2021-09-01 CVE-2021-36029 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability.
network
low complexity
adobe
7.2
2021-09-01 CVE-2021-36030 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process.
network
low complexity
adobe
7.5
2021-09-01 CVE-2021-36032 Authorization Bypass Through User-Controlled Key vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-639
8.8
2021-09-01 CVE-2021-36033 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module.
network
low complexity
adobe
7.2