Vulnerabilities > Magento > Magento > 1.3.2.4

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7909 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-79
3.5
3.5
2019-08-02 CVE-2019-7899 Improper Input Validation vulnerability in Magento
Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-20
5.0
5.0
2019-08-02 CVE-2019-7898 Improper Input Validation vulnerability in Magento
Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input.
network
low complexity
magento CWE-20
5.0
5.0
2019-08-02 CVE-2019-7897 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-79
3.5
3.5
2019-08-02 CVE-2019-7889 Injection vulnerability in Magento
An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-74
4.0
4.0
2019-08-02 CVE-2019-7887 Cross-site Scripting vulnerability in Magento
A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled.
network
magento CWE-79
3.5
3.5
2019-08-02 CVE-2019-7882 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-79
3.5
3.5
2019-08-02 CVE-2019-7875 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-79
3.5
3.5
2019-08-02 CVE-2019-7849 Session Fixation vulnerability in Magento
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules.
network
low complexity
magento CWE-384
5.0
5.0
2019-04-10 CVE-2019-7139 SQL Injection vulnerability in Magento
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.
network
low complexity
magento CWE-89
7.5
7.5