13 matches found
Magento XSS Vulnerability
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML...
Magento Untrusted Data Deserialization Vulnerability
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. An untrusted data deserialization vulnerability exists in Magento versions 2.3.3 and earlier, 2.2.10 and earlier,...
CVE-2020-3717
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure...
PT-2020-17702 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.3 and earlier; Magento versions 2.2.10 and earlier; Magento versions 1.14.4.3 and earlier; Magento versions 1.9.4.3 and earlier. Description: The issue is related to an SQL injection vulnerability. Successful exploitation cou...
PT-2020-17699 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.3 and earlier; Magento versions 2.2.10 and earlier; Magento versions 1.14.4.3 and earlier; Magento versions 1.9.4.3 and earlier. Description: The issue is related to the deserialization of untrusted data, which could lead to...
PT-2020-17698 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.3 and earlier; Magento versions 2.2.10 and earlier; Magento versions 1.14.4.3 and earlier; Magento versions 1.9.4.3 and earlier. Description: The issue is a stored cross-site scripting vulnerability. Successful exploitation...
CMS Made Simple Input Validation Error Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) from the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. An input validation error vulnerability exists in the News...
CVE-2019-8155
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions...
Magento Input Validation Error Vulnerability (CNVD-2019-40832)
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. A security vulnerability exists in Magento versions prior to 1.9.4.3 and prior to 1.14.4.3. An attacker can explo...
Magento cross-site scripting vulnerability (CNVD-2019-40836)
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. A security vulnerability exists in Magento versions prior to 1.9.4.3 and 1.14.4.3. An attacker can exploit the...
Magento Input Validation Error Vulnerability (CNVD-2019-40838)
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. A security vulnerability exists in Magento versions prior to 1.9.4.3 and 1.14.4.3. An attacker can exploit the...
Magento Remote Code Execution Vulnerability
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. A remote code execution vulnerability exists in Magento Open Source versions prior to 1.9.4.3 and Magento Commerc...
CMS Made Simple Remote Database Corruption Vulnerability
CMS Made Simple is prone to a vulnerability that could result in the corruption of the database. An attacker can exploit this vulnerability to corrupt the database. Versions prior to CMS Made Simple 1.9.4.3 are vulnerable. OpenVAS Vulnerability Test $Id: gbcmsmadesimple50659.nasl 7024 2017-08-30...