Vulnerabilities > Magento > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-06 | CVE-2019-8227 | Cross-site Scripting vulnerability in Magento In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. | 3.5 |
| 2019-11-06 | CVE-2019-8228 | Cross-site Scripting vulnerability in Magento in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template. | 3.5 |
| 2019-11-05 | CVE-2019-8092 | Cross-site Scripting vulnerability in Magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 3.5 |
| 2019-11-05 | CVE-2019-8115 | Cross-site Scripting vulnerability in Magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 3.5 |
| 2019-11-05 | CVE-2019-8117 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 3.5 |
| 2019-11-05 | CVE-2019-8120 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | 3.5 |
| 2019-08-02 | CVE-2019-7853 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 3.5 |
| 2019-08-02 | CVE-2019-7862 | Cross-site Scripting vulnerability in Magento A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 3.5 |
| 2019-08-02 | CVE-2019-7863 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 3.5 |
| 2019-08-02 | CVE-2019-7866 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 3.5 |