Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7866 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
2019-08-02 CVE-2019-7864 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-639
5.3
2019-08-02 CVE-2019-7863 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
2019-08-02 CVE-2019-7862 Cross-site Scripting vulnerability in Magento
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
2019-08-02 CVE-2019-7857 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.
network
low complexity
magento CWE-352
4.3
2019-08-02 CVE-2019-7855 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento
A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
network
low complexity
magento CWE-338
5.3
2019-08-02 CVE-2019-7853 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-79
4.8
2019-08-02 CVE-2019-7852 Information Exposure vulnerability in Magento
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-200
5.3
2019-08-02 CVE-2019-7851 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.
network
low complexity
magento CWE-352
6.5
2018-01-08 CVE-2018-5301 Cross-Site Request Forgery (CSRF) vulnerability in Magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.
network
low complexity
magento CWE-352
6.5