Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-22659

Malware in sbrugna...

6.5CVSS6.3AI score0.01701EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2758

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.05629EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:59 a.m.13 views

BIT-MAGENTO-2021-21030 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution

Magento versions 2.4.1 and earlier, 2.4.0 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires...

8.1CVSS7.3AI score0.05629EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 10:28 p.m.4 views

GHSA-8GFQ-M4CF-W975 Magento stored cross-site scripting vulnerability in the customer address upload feature

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...

6.5CVSS6.1AI score0.01701EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 10:28 p.m.5 views

Magento stored cross-site scripting vulnerability in the customer address upload feature

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...

6.5CVSS6.1AI score0.01701EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2022/05/24 5:41 p.m.16 views

GHSA-6988-G89M-27VF Magento stored cross-site scripting (XSS) in the customer address upload feature

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

8.1CVSS7.2AI score0.05629EPSS
Exploits0References3
NVD
NVD
added 2021/09/01 3:15 p.m.18 views

CVE-2021-36026

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...

6.5CVSS0.01701EPSS
Exploits0References1
OSV
OSV
added 2021/09/01 3:15 p.m.23 views

CVE-2021-36026

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...

6.1CVSS5.6AI score
Exploits0References1
Prion
Prion
added 2021/09/01 3:15 p.m.17 views

Cross site scripting

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...

4.3CVSS6.1AI score0.01701EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/09/01 2:29 p.m.23 views

CVE-2021-36026 Magento Commerce Stored Cross-site Scripting Vulnerability

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...

6.5CVSS6AI score0.01701EPSS
Exploits0References1
OSV
OSV
added 2021/02/11 8:15 p.m.21 views

CVE-2021-21030

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

8.1CVSS5.5AI score
Exploits0References1
Prion
Prion
added 2021/02/11 8:15 p.m.23 views

Cross site scripting

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue...

4.3CVSS7.3AI score0.05629EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/02/09 12:0 a.m.5 views

PT-2021-2328 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation...

8.1CVSS7.5AI score0.05629EPSS
Exploits0References8
Cvelist
Cvelist
added 2020/10/16 2:3 p.m.27 views

CVE-2020-24408 Stored XSS in customer address upload feature

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This...

6.1CVSS6.3AI score0.0172EPSS
Exploits0References1
Rows per page
Query Builder