Vulnerabilities > Magento > Magento > 1.9.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-09 | CVE-2020-24401 | Incorrect Authorization vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. | 5.5 |
| 2020-11-09 | CVE-2020-24400 | SQL Injection vulnerability in Magento Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. | 5.5 |
| 2020-10-16 | CVE-2020-24408 | Cross-site Scripting vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. | 4.3 |
| 2020-08-20 | CVE-2020-15151 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. | 4.0 |
| 2020-07-29 | CVE-2020-9692 | Incorrect Authorization vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. | 8.5 |
| 2020-07-29 | CVE-2020-9691 | Cross-site Scripting vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. | 9.3 |
| 2020-07-29 | CVE-2020-9690 | Information Exposure Through Discrepancy vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. | 3.5 |
| 2020-07-29 | CVE-2020-9689 | Path Traversal vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. | 8.5 |
| 2020-07-22 | CVE-2020-9665 | Cross-site Scripting vulnerability in Magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. | 4.3 |
| 2020-07-22 | CVE-2020-9664 | Code Injection vulnerability in Magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. | 7.5 |