Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-16 CVE-2020-24408 Unspecified vulnerability in Magento
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component.
network
low complexity
magento
6.1
2020-07-29 CVE-2020-9692 Unspecified vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability.
local
low complexity
magento
6.5
2020-07-29 CVE-2020-9690 Information Exposure Through Discrepancy vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability.
local
low complexity
magento CWE-203
4.2
2020-07-29 CVE-2020-9689 Path Traversal vulnerability in Magento
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability.
local
low complexity
magento CWE-22
6.5
2020-07-22 CVE-2020-9665 Cross-site Scripting vulnerability in Magento
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
2020-06-26 CVE-2020-9584 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
5.4
2020-06-26 CVE-2020-9581 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
2020-06-26 CVE-2020-9577 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
2020-01-29 CVE-2020-3758 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
2020-01-29 CVE-2020-3717 Path Traversal vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability.
network
low complexity
magento CWE-22
5.3