Vulnerabilities > Magento > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-05 | CVE-2019-8117 | Cross-site Scripting vulnerability in Magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 5.4 |
| 2019-11-05 | CVE-2019-8115 | Cross-site Scripting vulnerability in Magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 4.8 |
| 2019-11-05 | CVE-2019-8113 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration. | 5.3 |
| 2019-11-05 | CVE-2019-8108 | Improper Authentication vulnerability in Magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
| 2019-11-05 | CVE-2019-8107 | Unspecified vulnerability in Magento An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 6.5 |
| 2019-11-05 | CVE-2019-8092 | Cross-site Scripting vulnerability in Magento A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. | 5.4 |
| 2019-11-05 | CVE-2019-8090 | Unspecified vulnerability in Magento An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. | 6.5 |
| 2019-10-30 | CVE-2019-8235 | Authorization Bypass Through User-Controlled Key vulnerability in Magento An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. | 6.5 |
| 2019-08-02 | CVE-2019-7947 | Cross-Site Request Forgery (CSRF) vulnerability in Magento A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 6.5 |
| 2019-08-02 | CVE-2019-7945 | Cross-site Scripting vulnerability in Magento A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | 5.4 |