Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:0 p.m.23 views

Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder. As per the Magento Release 2.3.3, if you have already implemented the pre-release versi...

4.8CVSS4.8AI score0.00552EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2019/11/05 11:15 p.m.13 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview...

3.5CVSS5.2AI score0.00556EPSS
Exploits0References1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.25 views

PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.26 views

PRODSECBUG-2446: Remote code execution via custom layout update in create product functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.31 views

PRODSECBUG-2417: Remote code execution via vulnerable Symphony dependecy injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.02455EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.40 views

PRODSECBUG-2414: Remote code execution through custom layout update of the content management functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.34 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.32 views

PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00591EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.24 views

PRODSECBUG-2223: Remote code execution when using functionality that imports a new product

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9CVSS7.2AI score0.03267EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.44 views

PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00591EPSS
Exploits0Affected Software1
Rows per page
Query Builder