Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7877 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-79
4.3
2019-08-02 CVE-2019-7876 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento
6.5
2019-08-02 CVE-2019-7874 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-352
4.3
2019-08-02 CVE-2019-7873 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-352
5.8
2019-08-02 CVE-2019-7872 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorization checks.
network
low complexity
magento CWE-639
5.5
2019-08-02 CVE-2019-7871 Code Injection vulnerability in Magento
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code.
network
low complexity
magento CWE-94
6.5
2019-08-02 CVE-2019-7865 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
magento CWE-352
6.8
2019-08-02 CVE-2019-7864 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-639
5.0
2019-08-02 CVE-2019-7861 Unrestricted Upload of File with Dangerous Type vulnerability in Magento
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-434
5.0
2019-08-02 CVE-2019-7860 Cryptographic Issues vulnerability in Magento
A cryptographically weak pseudo-random number generator is used in multiple security-relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-310
5.0