Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2020-11-09 CVE-2020-24402 Improper Authorization vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component.
network
low complexity
magento CWE-285
5.5
2020-11-09 CVE-2020-24401 Incorrect Authorization vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability.
network
low complexity
magento CWE-863
5.5
2020-11-09 CVE-2020-24400 SQL Injection vulnerability in Magento
Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure.
network
low complexity
magento CWE-89
5.5
2020-10-16 CVE-2020-24408 Cross-site Scripting vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component.
network
magento CWE-79
4.3
2020-08-20 CVE-2020-15151 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `formkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks.
network
high complexity
openmage magento CWE-352
4.0
2020-07-29 CVE-2020-9692 Incorrect Authorization vulnerability in Magento
Magento versions 2.3.5-p1 and earlier have a security mitigation bypass vulnerability.
network
magento CWE-863
8.5
2020-07-29 CVE-2020-9691 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.5-p1 and earlier have a DOM-based cross-site scripting vulnerability.
network
magento CWE-79
critical
9.3
2020-07-29 CVE-2020-9690 Information Exposure Through Discrepancy vulnerability in Magento
Magento versions 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability.
network
magento CWE-203
3.5
2020-07-29 CVE-2020-9689 Path Traversal vulnerability in Magento
Magento versions 2.3.5-p1 and earlier have a path traversal vulnerability.
network
magento CWE-22
8.5
2020-07-22 CVE-2020-9665 Cross-site Scripting vulnerability in Magento
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability.
network
magento CWE-79
4.3