Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7859 Path Traversal vulnerability in Magento
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
network
low complexity
magento CWE-22
5.0
2019-08-02 CVE-2019-7858 Cryptographic Issues vulnerability in Magento
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.
network
low complexity
magento CWE-310
5.0
2019-08-02 CVE-2019-7857 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.
network
magento CWE-352
4.3
2019-08-02 CVE-2019-7855 Cryptographic Issues vulnerability in Magento
A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
network
low complexity
magento CWE-310
5.0
2019-08-02 CVE-2019-7854 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.
network
low complexity
magento CWE-639
5.0
2019-08-02 CVE-2019-7852 Information Exposure vulnerability in Magento
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-200
5.0
2019-08-02 CVE-2019-7851 Cross-Site Request Forgery (CSRF) vulnerability in Magento
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages.
network
magento CWE-352
5.8
2019-08-02 CVE-2019-7849 Session Fixation vulnerability in Magento
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules.
network
low complexity
magento CWE-384
5.0
2018-01-08 CVE-2018-5301 Cross-Site Request Forgery (CSRF) vulnerability in Magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.
network
magento CWE-352
5.8
2017-12-30 CVE-2016-10704 Cross-site Scripting vulnerability in Magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
network
magento CWE-79
4.3