Vulnerabilities > Magento > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2019-8129 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
2019-11-06 CVE-2019-8128 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
2019-11-05 CVE-2019-8126 XXE vulnerability in Magento
An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-611
4.9
2019-11-05 CVE-2019-8124 Unspecified vulnerability in Magento
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
4.9
2019-11-05 CVE-2019-8123 Unspecified vulnerability in Magento
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
5.3
2019-11-05 CVE-2019-8120 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento CWE-79
5.4
2019-11-05 CVE-2019-8118 Cleartext Storage of Sensitive Information vulnerability in Magento
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
network
low complexity
magento CWE-312
5.3
2019-11-05 CVE-2019-8117 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
5.4
2019-11-05 CVE-2019-8115 Cross-site Scripting vulnerability in Magento
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network
low complexity
magento CWE-79
4.8
2019-11-05 CVE-2019-8113 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
network
low complexity
magento CWE-338
5.3