Vulnerabilities > Magento > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-06 | CVE-2019-8230 | Unspecified vulnerability in Magento In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path. | 6.5 |
| 2019-11-06 | CVE-2019-8229 | Unspecified vulnerability in Magento In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates. | 6.5 |
| 2019-11-06 | CVE-2019-8155 | Cross-Site Request Forgery (CSRF) vulnerability in Magento Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. | 5.0 |
| 2019-11-06 | CVE-2019-8154 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
| 2019-11-06 | CVE-2019-8153 | Cross-site Scripting vulnerability in Magento A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 4.3 |
| 2019-11-06 | CVE-2019-8151 | Server-Side Request Forgery (SSRF) vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
| 2019-11-06 | CVE-2019-8150 | Unspecified vulnerability in Magento A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
| 2019-11-06 | CVE-2019-8143 | SQL Injection vulnerability in Magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 4.0 |
| 2019-11-06 | CVE-2019-8141 | Deserialization of Untrusted Data vulnerability in Magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | 6.5 |
| 2019-11-06 | CVE-2019-8140 | Unrestricted Upload of File with Dangerous Type vulnerability in Magento An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 4.0 |