Vulnerabilities > Magento > Magento > 2.3.1

DATE CVE VULNERABILITY TITLE RISK
2020-01-29 CVE-2020-3719 SQL Injection vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability.
network
low complexity
magento CWE-89
7.8
7.8
2020-01-29 CVE-2020-3718 Unspecified vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability.
network
low complexity
magento
critical
 10.0
10
2020-01-29 CVE-2020-3717 Path Traversal vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability.
network
low complexity
magento CWE-22
5.0
5.0
2020-01-29 CVE-2020-3716 Deserialization of Untrusted Data vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
magento CWE-502
critical
 10.0
10
2020-01-29 CVE-2020-3715 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability.
network
magento CWE-79
4.3
4.3
2019-11-06 CVE-2019-8158 XML Injection (aka Blind XPath Injection) vulnerability in Magento
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-91
7.5
7.5
2019-11-06 CVE-2019-8157 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
magento CWE-79
3.5
3.5
2019-11-06 CVE-2019-8156 Server-Side Request Forgery (SSRF) vulnerability in Magento
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-918
6.5
6.5
2019-11-06 CVE-2019-8145 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
magento CWE-79
3.5
3.5
2019-11-06 CVE-2019-8132 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
magento CWE-79
3.5
3.5