Vulnerabilities > Magento
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-09 | CVE-2020-24403 | Unspecified vulnerability in Magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. | 2.7 |
| 2020-11-09 | CVE-2020-24401 | Unspecified vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. | 6.5 |
| 2020-11-09 | CVE-2020-24400 | Unspecified vulnerability in Magento Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. | 7.1 |
| 2020-10-16 | CVE-2020-24408 | Unspecified vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. | 6.1 |
| 2020-08-20 | CVE-2020-15151 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. | 8.0 |
| 2020-07-29 | CVE-2020-9692 | Unspecified vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. | 6.5 |
| 2020-07-29 | CVE-2020-9691 | Cross-site Scripting vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. | 9.6 |
| 2020-07-29 | CVE-2020-9690 | Information Exposure Through Discrepancy vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. | 4.2 |
| 2020-07-29 | CVE-2020-9689 | Path Traversal vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. | 6.5 |
| 2020-07-22 | CVE-2020-9665 | Cross-site Scripting vulnerability in Magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. | 6.1 |