DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-28 | CVE-2021-28583 | Unspecified vulnerability in Magento: Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. | 4.2 |
2021-06-28 | CVE-2021-28584 | Unspecified vulnerability in Magento: Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme. Successful exploitation could lead to arbitrary file system write by an authenticated attacker. | 7.2 |
2021-06-28 | CVE-2021-28585 | Unspecified vulnerability in Magento: Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails. | 5.3 |
2021-02-11 | CVE-2021-21029 | Unspecified vulnerability in Magento: Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. | 4.8 |
2021-02-11 | CVE-2021-21022 | Unspecified vulnerability in Magento: Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. | 5.3 |
2021-02-11 | CVE-2021-21019 | Unspecified vulnerability in Magento: Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. | 9.1 |
2020-11-09 | CVE-2020-24407 | Unspecified vulnerability in Magento: Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. | 9.1 |
2020-11-09 | CVE-2020-24406 | Path Traversal vulnerability in Magento: When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. | 3.7 |
2020-11-09 | CVE-2020-24405 | Unspecified vulnerability in Magento: Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. | 4.3 |
2020-11-09 | CVE-2020-24404 | Unspecified vulnerability in Magento: Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. | 2.7 |