Vulnerabilities > Magento > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2020-11-09 | CVE-2020-24405 | Unspecified vulnerability in Magento | Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. | network | low complexity | magento | 4.3 |
| 2020-11-09 | CVE-2020-24402 | Incorrect Default Permissions vulnerability in Magento | Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. | network | low complexity | magento CWE-276 | 5.5 |
| 2020-11-09 | CVE-2020-24401 | Incorrect Authorization vulnerability in Magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. | network | low complexity | magento CWE-863 | 5.5 |
| 2020-11-09 | CVE-2020-24400 | SQL Injection vulnerability in Magento | Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. | network | low complexity | magento CWE-89 | 5.5 |
| 2020-10-16 | CVE-2020-24408 | Cross-site Scripting vulnerability in Magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. | network | | magento CWE-79 | 4.3 |
| 2020-08-20 | CVE-2020-15151 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. | network | high complexity | openmage magento CWE-352 | 4.0 |
| 2020-07-22 | CVE-2020-9665 | Cross-site Scripting vulnerability in Magento | Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. | network | | magento CWE-79 | 4.3 |
| 2020-06-26 | CVE-2020-9591 | Information Exposure vulnerability in Magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. | network | low complexity | magento CWE-200 | 5.0 |
| 2020-06-26 | CVE-2020-9588 | Information Exposure Through Discrepancy vulnerability in Magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. | network | low complexity | magento CWE-203 | 6.5 |
| 2020-06-26 | CVE-2020-9587 | Incorrect Authorization vulnerability in Magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. | network | low complexity | magento CWE-863 | 5.0 |