Vulnerabilities > Magento > Magento > 2.3.1

DATE CVE VULNERABILITY TITLE RISK
2020-07-29 CVE-2020-9691 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability.
network
magento CWE-79
critical
 9.3
9.3
2020-07-29 CVE-2020-9690 Information Exposure Through Discrepancy vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability.
network
magento CWE-203
3.5
3.5
2020-07-29 CVE-2020-9689 Path Traversal vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability.
network
magento CWE-22
8.5
8.5
2020-06-26 CVE-2020-9632 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
critical
 10.0
10
2020-06-26 CVE-2020-9631 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
critical
 10.0
10
2020-06-26 CVE-2020-9630 Improper Privilege Management vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability.
network
low complexity
magento CWE-269
7.5
7.5
2020-06-26 CVE-2020-9591 Information Exposure vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability.
network
low complexity
magento CWE-200
5.0
5.0
2020-06-26 CVE-2020-9588 Information Exposure Through Discrepancy vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability.
network
low complexity
magento CWE-203
6.5
6.5
2020-06-26 CVE-2020-9587 Incorrect Authorization vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability.
network
low complexity
magento CWE-863
5.0
5.0
2020-06-26 CVE-2020-9585 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability.
network
low complexity
magento
7.5
7.5