Lucene search
K

4 matches found

OSV
OSV
added 2022/05/24 5:41 p.m.22 views

GHSA-269W-PQC7-68Q9 Magento vulnerable to a file upload restriction bypass

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...

9.1CVSS8.7AI score0.04213EPSS
Exploits1References5
OSV
OSV
added 2021/02/11 8:15 p.m.21 views

CVE-2021-21020

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources...

5.3CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2021/02/11 8:15 p.m.23 views

Cross site scripting

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

4.3CVSS7.3AI score0.05629EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/02/09 12:0 a.m.7 views

PT-2021-2182 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to a file upload restriction bypass, which could lead to arbitrary code execution by an authenticate...

9.1CVSS9.2AI score0.04213EPSS
Exploits1References12
Rows per page
Query Builder