11 matches found
CVE-2026-42155
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...
CVE-2026-42458
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the form fields. An attacker can execute arbitrary JavaScript in the context of a victim's browser by injecting malicious scripts, potentially...
Incorrect Authorization
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. Adobe Vulnerability Report: This vulnerability could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the injection of malicious scripts into vulnerable form fields. An attacker can execute arbitrary JavaScript in the victim's browser by...
XML Injection
Overview: magento/project-community-edition is an eCommerce Platform for Growth (Community Edition). Affected versions of this package are vulnerable to XML Injection through the XML processing mechanism. An attacker can bypass security features by sending a specially crafted XML script. Remediation...
PT-2020-5059 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.5-p1 and earlier. Description: The issue is related to the lack of protection of the web page structure in Magento Commerce, a platform for developing and managing online stores. This could allow a remote attacker to execu...
PT-2020-6327 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.4 and earlier; Magento versions 2.2.11 and earlier; Magento versions 1.14.4.4 and earlier; Magento versions 1.9.4.4 and earlier. Description: The issue is related to incorrect code generation management in the Magento Commerc...
Magecart Cybergang Targets 0days in Third-Party Magento Extensions
Criminals behind the Magecart gang have shifted tactics and are now targeting nearly two dozen unpatched vulnerabilities found in third-party plugins used in the Magento e-commerce platform. Previously, the Magecart cybergang had focused on the core of Magento, using attack strategies such as...
Magento E-Commerce Platform Cross-Site Scripting Vulnerability
Magento E-Commerce Platform is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. A cross-site scripting vulnerability exists in Magento E-Commerce Platform version 1.9.0.1. ...
Mirasvit Helpdesk MX Code Execution Vulnerability
Mirasvit Helpdesk MX is an extension support platform for the Magento e-commerce system from Mirasvit. The platform provides a variety of extension modules for Magento. A security vulnerability exists in Mirasvit Helpdesk MX versions prior to 1.5.3. A remote attacker can exploit the vulnerabili...