Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-29 CVE-2020-3715 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability.
network
low complexity
magento CWE-79
6.1
6.1
2019-11-06 CVE-2019-8157 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
5.4
2019-11-06 CVE-2019-8145 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
5.4
2019-11-06 CVE-2019-8132 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
5.4
2019-11-06 CVE-2019-8233 Cross-site Scripting vulnerability in Magento
In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.
network
low complexity
magento CWE-79
6.1
6.1
2019-11-06 CVE-2019-8232 Race Condition vulnerability in Magento
In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification.
network
high complexity
magento CWE-362
6.6
6.6
2019-11-06 CVE-2019-8228 Cross-site Scripting vulnerability in Magento
in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.
network
low complexity
magento CWE-79
4.8
4.8
2019-11-06 CVE-2019-8227 Cross-site Scripting vulnerability in Magento
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
network
low complexity
magento CWE-79
4.8
4.8
2019-11-06 CVE-2019-8153 Cross-site Scripting vulnerability in Magento
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
6.1
6.1
2019-11-06 CVE-2019-8152 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
5.4