GHSA-J3MH-WX5F-2VHG Magento Open Source Information Exposure vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in furth...

Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on...

GHSA-3FR3-GCQH-3M2G Magento Open Source Improper Input Validation vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...

Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the...

Magento Open Source Cross-Site Scripting (XSS) vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious...

GHSA-W3P2-PC3H-69WV Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity...

GHSA-46FM-X82M-5F74 Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact o...

GHSA-2QHQ-FW98-H6WG Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact o...

CVE-2024-45117

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directorie...

CVE-2024-45127 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

PT-2024-6960 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier Description: The issue is related to insufficient access control in Adobe Commerce,...

PT-2024-6962 · Adobe · Commerce +1

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier Description: The issue is related to an Improper Access Control vulnerability that...

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass via improper authorization. An attacker can gain access to restricted information by bypassing security controls without requiring user interaction...

Missing Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Missing Authorization via the authorization process. A low-privileged attacker can gain unauthorized access to view and modify low-sensitivity information by bypassing...

Brute Force

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Brute Force due to improper restriction of excessive authentication attempts . An attacker can gain unauthorized access to user accounts by performing brute force attacks...