Lucene search
K

15 matches found

CNVD
CNVD
added 2019/08/05 12:0 a.m.3 views

Magento cross-site scripting vulnerability (CNVD-2019-25991)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A cross-site scripting vulnerability exists in Magento version 2.1.18 before version 2.1, 2.2.9 before version 2....

4.8CVSS6.4AI score0.00557EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.15 views

PRODSECBUG-2370: Reflected cross-site scripting on customer cart page

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

6.1CVSS7.2AI score0.01042EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.43 views

PRODSECBUG-2095: Defense-in-depth session validation check implemented

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.01151EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.33 views

PRODSECBUG-2095: Defense-in-depth session validation check implemented

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.01151EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.19 views

PRODSECBUG-2128: Stored Cross Site Scripting in the Admin Panel through the tax/notification/info_url setting

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.29 views

PRODSECBUG-1513: Insufficient brute force protections on promo code entry

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.03121EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.47 views

PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.02413EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.33 views

PRODSECBUG-2371: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.20 views

PRODSECBUG-2173: Path traversal vulnerability in WYSIWYG editor.

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

7.5CVSS7.2AI score0.01454EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.15 views

PRODSECBUG-2182: Reflected cross-site scripting in the admin panel.

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.17 views

PRODSECBUG-2187: Cross-site request forgery (CSRF) in checkout cart item

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

8.8CVSS7.2AI score0.00497EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.20 views

PRODSECBUG-2177: Insufficient server side validations leads to Insecure File upload vulnerability

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.5CVSS7.2AI score0.02044EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.28 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.34 views

PRODSECBUG-2353: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2019/04/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-7139

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...

9.8CVSS7.5AI score0.1545EPSS
Exploits2References1
Rows per page
Query Builder