18 matches found
EUVD-2022-5316
Malicious code in bioql PyPI...
MAL-2025-41492 Malicious code in @twork-data-services/customer-attribute-api-v3-customer-attribute-by-name (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2019-8147
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label...
BIT-MAGENTO-2021-21015 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
Magento versions 2.4.1 and earlier, 2.4.0 and earlier and 2.3.6 and earlier are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required fo...
GHSA-W2P4-2C8C-2G7H Magento OS command injection via the customer attribute save controller
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required...
Magento OS command injection via the customer attribute save controller
Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required...
GHSA-V8FG-P27H-MXJP Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label...
GHSA-6M27-3R8Q-C7F7 Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores. As per the Magento Release 2.3.3, if you have already...
Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label...
Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores. As per the Magento Release 2.3.3, if you have already...
PT-2021-2183 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to an OS command injection via the customer attribute save controller. Successful exploitation could...
CVE-2019-8146
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores...
CVE-2019-8146
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores...
CVE-2019-8147
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label...
CVE-2019-8146
CVE-2019-8146 is a stored cross-site scripting (XSS) flaw in Magento: affected are Magento 2.2 versions before 2.2.10 and Magento 2.3 versions before 2.3.3 or 2.3.2-p1. The vulnerability allows an authenticated user to inject arbitrary JavaScript when adding a new customer attribute for stores. T...
CVE-2019-8146
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores...
PRODSECBUG-2398: Cross-Site Scripting via Customer Attribute Labels
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2401: Cross-Site Scripting via Customer Attribute Option Value
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...