Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7852 Information Exposure vulnerability in Magento
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-200
5.3
2019-08-02 CVE-2019-7851 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.
network
low complexity
magento CWE-352
6.5
2018-01-08 CVE-2018-5301 Cross-Site Request Forgery (CSRF) vulnerability in Magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.
network
low complexity
magento CWE-352
6.5
2017-12-30 CVE-2016-10704 Cross-site Scripting vulnerability in Magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
network
low complexity
magento CWE-79
6.1
2017-09-20 CVE-2014-9758 Cross-site Scripting vulnerability in Magento 1.9.0.1
Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.
network
low complexity
magento CWE-79
6.1
2016-04-15 CVE-2016-2212 Information Exposure vulnerability in Magento
The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status.
network
low complexity
magento CWE-200
5.3