Vulnerabilities > Mirumee

DATE CVE VULNERABILITY TITLE RISK
2020-06-30 CVE-2020-15085 Unspecified vulnerability in Mirumee Saleor
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials.
local
low complexity
mirumee
6.1
2020-01-24 CVE-2020-7964 Missing Authentication for Critical Function vulnerability in Mirumee Saleor
An issue was discovered in Mirumee Saleor 2.x before 2.9.1.
network
low complexity
mirumee CWE-306
5.3
2019-07-15 CVE-2019-1010304 Missing Authorization vulnerability in Mirumee Saleor
Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c.
network
low complexity
mirumee CWE-862
5.3
2019-07-14 CVE-2019-13594 Cross-Site Request Forgery (CSRF) vulnerability in Mirumee Saleor 2.7.0
In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server.
network
low complexity
mirumee CWE-352
8.8