Vulnerabilities > Magento
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-05 | CVE-2019-8121 | Unspecified vulnerability in Magento An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | 9.8 |
2019-11-05 | CVE-2019-8120 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | 5.4 |
2019-11-05 | CVE-2019-8119 | Unspecified vulnerability in Magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | 7.2 |
2019-11-05 | CVE-2019-8118 | Cleartext Storage of Sensitive Information vulnerability in Magento Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts. | 5.3 |
2019-11-05 | CVE-2019-8117 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 5.4 |
2019-11-05 | CVE-2019-8116 | Session Fixation vulnerability in Magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 7.5 |
2019-11-05 | CVE-2019-8115 | Cross-site Scripting vulnerability in Magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 4.8 |
2019-11-05 | CVE-2019-8114 | Unrestricted Upload of File with Dangerous Type vulnerability in Magento A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 7.2 |
2019-11-05 | CVE-2019-8113 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration. | 5.3 |
2019-11-05 | CVE-2019-8112 | Insufficient Verification of Data Authenticity vulnerability in Magento A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 7.5 |