Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-26 CVE-2020-9577 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
2020-01-29 CVE-2020-3758 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
2020-01-29 CVE-2020-3717 Path Traversal vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability.
network
low complexity
magento CWE-22
5.3
2020-01-29 CVE-2020-3715 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
2019-11-06 CVE-2019-8157 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
2019-11-06 CVE-2019-8145 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
2019-11-06 CVE-2019-8132 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
2019-11-06 CVE-2019-8233 Cross-site Scripting vulnerability in Magento
In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.
network
low complexity
magento CWE-79
6.1
2019-11-06 CVE-2019-8232 Race Condition vulnerability in Magento
In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification.
network
high complexity
magento CWE-362
6.6
2019-11-06 CVE-2019-8228 Cross-site Scripting vulnerability in Magento
in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.
network
low complexity
magento CWE-79
4.8