CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

OSV•added 2024/03/06 10:56 a.m.•32 views

BIT-MAGENTO-2022-34253

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does...

9.1CVSS7.4AI score0.37194EPSS

Exploits0References1

Github Security Blog•added 2022/08/17 12:0 a.m.•24 views

Magento XML Injection vulnerability in the Widgets Module

9.1CVSS8AI score0.37194EPSS

Exploits0References6Affected Software1

OSV•added 2022/08/17 12:0 a.m.•19 views

GHSA-CJ7W-PM77-HVG6 Magento XML Injection vulnerability in the Widgets Module

9.1CVSS7.4AI score0.37194EPSS

Exploits0References6

OSV•added 2022/08/16 9:15 p.m.•25 views

CVE-2022-34253

7.2CVSS7.3AI score

Exploits0References1

NVD•added 2022/08/16 9:15 p.m.•15 views

CVE-2022-34253

9.1CVSS0.37194EPSS

Exploits0References1

Prion•added 2022/08/16 9:15 p.m.•17 views

Input validation

5.8CVSS7.8AI score0.37194EPSS

Exploits0References1Affected Software2

CVE•added 2022/08/16 7:45 p.m.•105 views

CVE-2022-34253

Adobe Commerce/Magento Open Source instances using Widgets Module versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, or 2.4.4 and earlier are affected by an XML Injection vulnerability. An attacker with admin privileges can trigger a crafted script to achieve remote code execution without user ...

9.1CVSS7.4AI score0.37194EPSS

Exploits0References1Affected Software2

Positive Technologies•added 2022/08/09 12:0 a.m.•1 views

PT-2022-4896 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 and earlier Adobe Commerce versions 2.3.7-p3 and earlier Adobe Commerce versions 2.4.4 and earlier Description: The issue is related to errors in processing XML requests, which can allow a remote attacker to...

9.1CVSS8.6AI score0.37194EPSS

Exploits0References11

OSV•added 2022/05/24 7:12 p.m.•3 views

GHSA-P746-QW73-QMMX Magento XML Injection vulnerability in the Widgets Module

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

9.1CVSS7.5AI score0.11326EPSS

Exploits0References3

Github Security Blog•added 2022/05/24 7:12 p.m.•4 views

Magento XML Injection vulnerability in the Widgets Module

9.1CVSS8.2AI score0.11326EPSS

Exploits0References3Affected Software2

OSV•added 2021/09/01 3:15 p.m.•15 views

CVE-2021-36033

7.2CVSS7.7AI score

Exploits0References1

NVD•added 2021/09/01 3:15 p.m.•11 views

CVE-2021-36033

9.1CVSS0.11326EPSS

Exploits0References1

Prion•added 2021/09/01 3:15 p.m.•20 views

Input validation

6.5CVSS7.7AI score0.11326EPSS

Exploits0References1Affected Software2

CVE•added 2021/09/01 2:28 p.m.•57 views

CVE-2021-36033

CVE-2021-36033 refers to an XML Injection in the Magento Commerce Widgets Module. Affected software includes Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier, and 2.3.7 and earlier. The vulnerability allows an attacker with administrative privileges to submit specially crafted XM...

9.1CVSS7.7AI score0.11326EPSS

Exploits0References1Affected Software2

Cvelist•added 2021/02/11 7:29 p.m.•16 views

CVE-2021-21019 Magento Commerce XML Injection Could Lead To Remote Code Execution

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation...

9.1CVSS9.6AI score0.04035EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by