10 matches found
Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder. As per the Magento Release 2.3.3, if you have already implemented the pre-release versi...
Cross site scripting
A reflected cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview...
PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2446: Remote code execution via custom layout update in create product functionality
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2417: Remote code execution via vulnerable Symphony dependecy injection
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2414: Remote code execution through custom layout update of the content management functionality
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2223: Remote code execution when using functionality that imports a new product
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...