Vulnerabilities > Magento > Magento > 1.14.4.3

DATE CVE VULNERABILITY TITLE RISK
2020-01-29 CVE-2020-3716 Deserialization of Untrusted Data vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
magento CWE-502
critical
 10.0
10
2020-01-29 CVE-2020-3715 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability.
network
magento CWE-79
4.3
4.3
2018-01-08 CVE-2018-5301 Cross-Site Request Forgery (CSRF) vulnerability in Magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.
network
magento CWE-352
5.8
5.8
2017-12-30 CVE-2016-10704 Cross-site Scripting vulnerability in Magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
network
magento CWE-79
4.3
4.3
2017-01-23 CVE-2016-4010 Injection vulnerability in Magento
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
network
low complexity
magento CWE-74
7.5
7.5