Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-3500

Malware in sbrugna...

5CVSS6.4AI score0.25218EPSS
Exploits0References5
CNVD
CNVD
added 2018/01/04 12:0 a.m.6 views

Magento Community Edition and Enterprise Edition Cross-Site Scripting Vulnerability

Magento is an open source PHP e-commerce system from Magento Inc. that provides rights management, search engine, and payment gateway.Magento Community Edition CE is a community edition.Magento Enterprise Edition EE is an enterprise edition. A cross-site scripting vulnerability exists in Magento ...

6.1CVSS6.6AI score0.00637EPSS
Exploits0References1
Prion
Prion
added 2017/12/30 9:29 p.m.13 views

Session fixation

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503...

4.3CVSS6AI score0.00637EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2016/04/19 12:0 a.m.5 views

Magento Enterprise Edition and Magento Community Edition Information Disclosure Vulnerability

Magento is a professional open source PHP e-commerce system of the United States Magento company.Magento Enterprise Edition EE is an enterprise version.Magento Community Edition CE is a community edition. Magento EE 1.14.2.3 before the version and Magento CE 1.9.2.3 before the version of the...

5.3CVSS6.4AI score0.02687EPSS
Exploits2References1
Cvelist
Cvelist
added 2016/04/15 2:0 p.m.27 views

CVE-2016-2212

The getOrderByStatusUrlKey function in the MageRssHelperOrder class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the orderid in a JSON object ...

5.1AI score0.02687EPSS
Exploits2References5
CNVD
CNVD
added 2015/04/30 12:0 a.m.5 views

Magento Community Edition and Enterprise Edition Directory Traversal Vulnerability

Magento is a professional open source PHP e-commerce system from Magento Inc. in the United States, which provides rights management, search engine and payment gateway, etc. Magento Community Edition CE is a community edition.Magento Enterprise Edition EE is an enterprise edition. A directory...

6.5CVSS7.2AI score0.14396EPSS
Exploits1References1
CNVD
CNVD
added 2015/04/30 12:0 a.m.5 views

Magento Community Edition and Enterprise Edition SQL Injection Vulnerabilities

Magento is a professional open-source PHP e-commerce system from Magento, which provides rights management, search engine and payment gateway, etc. Magento Community Edition CE is a community edition.Magento Enterprise Edition EE is an enterprise edition. A SQL injection vulnerability exists in t...

6.5CVSS8.6AI score0.56686EPSS
Exploits1References1
Prion
Prion
added 2015/04/29 10:59 p.m.12 views

Design/Logic Flaw

The fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stre...

6.5CVSS7.9AI score0.06053EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2015/04/29 10:0 p.m.21 views

CVE-2015-1399

PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the setScriptPa...

7.5AI score0.10071EPSS
Exploits1References3
Rows per page
Query Builder