Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7872 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks.
network
low complexity
magento CWE-639
6.5
6.5
2019-08-02 CVE-2019-7871 Code Injection vulnerability in Magento
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code.
network
low complexity
magento CWE-94
8.8
8.8
2019-08-02 CVE-2019-7869 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
4.8
2019-08-02 CVE-2019-7868 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
4.8
2019-08-02 CVE-2019-7867 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
4.8
2019-08-02 CVE-2019-7866 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
4.8
2019-08-02 CVE-2019-7865 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-352
8.8
8.8
2019-08-02 CVE-2019-7864 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-639
5.3
5.3
2019-08-02 CVE-2019-7863 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
4.8
2019-08-02 CVE-2019-7862 Cross-site Scripting vulnerability in Magento
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
4.8