Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2019-8093 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-434
6.5
2019-11-05 CVE-2019-8092 Cross-site Scripting vulnerability in Magento
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
magento CWE-79
3.5
2019-11-05 CVE-2019-8091 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3.
network
low complexity
magento
6.5
2019-11-05 CVE-2019-8090 Unspecified vulnerability in Magento
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
5.5
2019-10-30 CVE-2019-8235 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions.
network
low complexity
magento CWE-639
4.0
2019-08-02 CVE-2019-7951 Information Exposure vulnerability in Magento
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-200
5.0
2019-08-02 CVE-2019-7950 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-639
5.0
2019-08-02 CVE-2019-7947 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-352
4.3
2019-08-02 CVE-2019-7945 Cross-site Scripting vulnerability in Magento
A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-79
3.5
2019-08-02 CVE-2019-7944 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-79
3.5