Vulnerabilities > Magento > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-16 | CVE-2020-24408 | Unspecified vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. | 6.1 |
2020-07-29 | CVE-2020-9692 | Unspecified vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. | 6.5 |
2020-07-29 | CVE-2020-9690 | Information Exposure Through Discrepancy vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. | 4.2 |
2020-07-29 | CVE-2020-9689 | Path Traversal vulnerability in Magento Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. | 6.5 |
2020-07-22 | CVE-2020-9665 | Cross-site Scripting vulnerability in Magento Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. | 6.1 |
2020-06-26 | CVE-2020-9584 | Cross-site Scripting vulnerability in Magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. | 5.4 |
2020-06-26 | CVE-2020-9581 | Cross-site Scripting vulnerability in Magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. | 6.1 |
2020-06-26 | CVE-2020-9577 | Cross-site Scripting vulnerability in Magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. | 6.1 |
2020-01-29 | CVE-2020-3758 | Cross-site Scripting vulnerability in Magento Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. | 6.1 |
2020-01-29 | CVE-2020-3717 | Path Traversal vulnerability in Magento Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. | 5.3 |