Vulnerabilities > Magento > Magento > 2.2.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-29 | CVE-2020-3715 | Cross-site Scripting vulnerability in Magento Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. | 4.3 |
2019-11-06 | CVE-2019-8158 | XML Injection (aka Blind XPath Injection) vulnerability in Magento An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 7.5 |
2019-11-06 | CVE-2019-8157 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 3.5 |
2019-11-06 | CVE-2019-8156 | Server-Side Request Forgery (SSRF) vulnerability in Magento A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
2019-11-06 | CVE-2019-8145 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 3.5 |
2019-11-06 | CVE-2019-8132 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 3.5 |
2019-11-06 | CVE-2019-8233 | Cross-site Scripting vulnerability in Magento In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments. | 4.3 |
2019-11-06 | CVE-2019-8232 | Race Condition vulnerability in Magento In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification. | 6.0 |
2019-11-06 | CVE-2019-8159 | OS Command Injection vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 9.0 |
2019-11-06 | CVE-2019-8154 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |