Vulnerabilities > Magento
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-06 | CVE-2019-8233 | Cross-site Scripting vulnerability in Magento In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments. | 6.1 |
| 2019-11-06 | CVE-2019-8232 | Race Condition vulnerability in Magento In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification. | 6.6 |
| 2019-11-06 | CVE-2019-8231 | Unspecified vulnerability in Magento In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification. | 7.2 |
| 2019-11-06 | CVE-2019-8230 | Unspecified vulnerability in Magento In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path. | 7.2 |
| 2019-11-06 | CVE-2019-8229 | Unspecified vulnerability in Magento In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates. | 7.2 |
| 2019-11-06 | CVE-2019-8228 | Cross-site Scripting vulnerability in Magento in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template. | 4.8 |
| 2019-11-06 | CVE-2019-8227 | Cross-site Scripting vulnerability in Magento In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. | 4.8 |
| 2019-11-06 | CVE-2019-8159 | OS Command Injection vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 8.8 |
| 2019-11-06 | CVE-2019-8155 | Cross-Site Request Forgery (CSRF) vulnerability in Magento Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. | 7.5 |
| 2019-11-06 | CVE-2019-8154 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 8.8 |