Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2019-8228 Cross-site Scripting vulnerability in Magento
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into the transactional email page when creating a new email template or editing an existing email template.
network
magento CWE-79
3.5
2019-11-06 CVE-2019-8227 Cross-site Scripting vulnerability in Magento
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
network
magento CWE-79
3.5
2019-11-06 CVE-2019-8159 OS Command Injection vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-78
critical
9.0
2019-11-06 CVE-2019-8155 Cross-Site Request Forgery (CSRF) vulnerability in Magento
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request.
network
low complexity
magento CWE-352
5.0
2019-11-06 CVE-2019-8154 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-829
6.5
2019-11-06 CVE-2019-8153 Cross-site Scripting vulnerability in Magento
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
magento CWE-79
4.3
2019-11-06 CVE-2019-8152 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
magento CWE-79
3.5
2019-11-06 CVE-2019-8151 Server-Side Request Forgery (SSRF) vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-918
6.5
2019-11-06 CVE-2019-8150 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento
6.5
2019-11-06 CVE-2019-8149 Insufficient Session Expiration vulnerability in Magento
An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-613
7.5