Vulnerabilities > Magento > Medium

DATE        CVE             VULNERABILITY TITLE                                   RISK

2022-08-16  CVE-2022-34257  Cross-site Scripting vulnerability in multiple products  6.1
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
network / low complexity / adobe magento / CWE-79

2022-08-16  CVE-2022-34258  Cross-site Scripting vulnerability in multiple products  4.8
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields.
network / low complexity / adobe magento / CWE-79

2022-08-16  CVE-2022-34259  (no title given)  5.3
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
network / low complexity / adobe magento

2021-09-08  CVE-2021-28567  Incorrect Authorization vulnerability in Magento  6.5
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module.
network / low complexity / magento / CWE-863

2021-06-28  CVE-2021-28563  Unspecified vulnerability in Magento  6.4
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint.
network / low complexity / magento

2021-06-28  CVE-2021-28583  Violation of Secure Design Principles vulnerability in Magento  4.3
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats.
network / magento / CWE-657

2021-06-28  CVE-2021-28584  Path Traversal vulnerability in Magento  6.5
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with a child theme. Successful exploitation could lead to an arbitrary file system write by an authenticated attacker.
network / low complexity / magento / CWE-22

2021-06-28  CVE-2021-28585  Improper Input Validation vulnerability in Magento  5.0
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Input Validation vulnerability in the New Customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails.
network / low complexity / magento / CWE-20

2021-02-11  CVE-2021-21022  Authorization Bypass Through User-Controlled Key vulnerability in Magento  5.3
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module.
network / low complexity / magento / CWE-639

2020-11-09  CVE-2020-24406  Path Traversal vulnerability in Magento  4.3
When in maintenance mode, Magento versions 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments.
network / magento / CWE-22