Vulnerabilities > Magento > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2019-7852 | Information Exposure vulnerability in Magento A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 5.3 |
| 2019-08-02 | CVE-2019-7851 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages. | 6.5 |
| 2018-01-08 | CVE-2018-5301 | Cross-Site Request Forgery (CSRF) vulnerability in Magento Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433. | 6.5 |
| 2017-12-30 | CVE-2016-10704 | Cross-site Scripting vulnerability in Magento Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | 6.1 |
| 2017-09-20 | CVE-2014-9758 | Cross-site Scripting vulnerability in Magento 1.9.0.1 Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. | 6.1 |
| 2016-04-15 | CVE-2016-2212 | Information Exposure vulnerability in Magento The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status. | 5.3 |