Vulnerabilities > Magento > Magento > 1.14.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-29 | CVE-2020-3716 | Deserialization of Untrusted Data vulnerability in Magento Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. | 10.0 |
2020-01-29 | CVE-2020-3715 | Cross-site Scripting vulnerability in Magento Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. | 4.3 |
2018-01-08 | CVE-2018-5301 | Cross-Site Request Forgery (CSRF) vulnerability in Magento Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433. | 5.8 |
2017-12-30 | CVE-2016-10704 | Cross-site Scripting vulnerability in Magento Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | 4.3 |
2017-01-23 | CVE-2016-4010 | Injection vulnerability in Magento Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | 7.5 |