Vulnerabilities > Magento > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-09 | CVE-2020-24405 | Unspecified vulnerability in Magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. | 4.3 |
2020-11-09 | CVE-2020-24402 | Incorrect Default Permissions vulnerability in Magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. | 5.5 |
2020-11-09 | CVE-2020-24401 | Incorrect Authorization vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. | 5.5 |
2020-11-09 | CVE-2020-24400 | SQL Injection vulnerability in Magento Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. | 5.5 |
2020-10-16 | CVE-2020-24408 | Cross-site Scripting vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. | 4.3 |
2020-08-20 | CVE-2020-15151 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. | 4.0 |
2020-07-22 | CVE-2020-9665 | Cross-site Scripting vulnerability in Magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. | 4.3 |
2020-06-26 | CVE-2020-9591 | Information Exposure vulnerability in Magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. | 5.0 |
2020-06-26 | CVE-2020-9588 | Information Exposure Through Discrepancy vulnerability in Magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. | 6.5 |
2020-06-26 | CVE-2020-9587 | Incorrect Authorization vulnerability in Magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. | 5.0 |