10 matches found

OSV
added 2025/02/11 6:31 p.m. | 5 views

GHSA-XWGX-8V72-4J5J Magento Stored Cross-Site Scripting (XSS) Vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 8.7 | AI score 5.2 | EPSS 0.00656
Exploits: 0 | References: 3

Github Security Blog
added 2025/02/11 6:31 p.m. | 10 views

Magento Stored Cross-Site Scripting (XSS) Vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 8.7 | AI score 5.2 | EPSS 0.00656
Exploits: 0 | References: 3 | Affected Software: 2

Veracode
added 2024/10/21 9:55 a.m. | 9 views

Improper Access Control

magento/community-edition is vulnerable to Improper Access Control. The vulnerability is due to improper access control in Adobe Commerce, which fails to properly enforce restrictions on certain actions, allowing unauthorized users to bypass security measures...

CVSS 2.7 | AI score 6.7 | EPSS 0.00488
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/06/15 9:30 p.m. | 3 views

GHSA-3QR4-W96F-672V Magento Open Source allows Incorrect Authorization

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another...

CVSS 5.3 | AI score 4.3 | EPSS 0.00585
Exploits: 0 | References: 3

OSV
added 2022/05/24 5:00 p.m. | 5 views

GHSA-92PH-XM9V-CG3J Magento Broken authentication and session management

An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate the session validation setting for a storefront, which leads to insecure authentication and session management...

CVSS 6.5 | AI score 6.5 | EPSS 0.01168
Exploits: 0 | References: 4

Friends Of PHP
added 2019/10/08 12:00 a.m. | 14 views

PRODSECBUG-2440: Information disclosure through processing of external XML entities

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 4.9 | AI score 7.2 | EPSS 0.00877
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2019/10/08 12:00 a.m. | 15 views

PRODSECBUG-2462: Remote code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.2 | AI score 7.2 | EPSS 0.01852
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2019/06/25 12:00 a.m. | 18 views

PRODSECBUG-2164: Use of cryptographically weak PRNG to create gift card codes

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 5.3 | AI score 7.2 | EPSS 0.0097
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2019/06/25 12:00 a.m. | 16 views

PRODSECBUG-2320: Arbitrary code execution due to unsafe handling of system configuration

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

CVSS 7.2 | AI score 7.2 | EPSS 0.01438
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2017/02/07 12:00 a.m. | 7 views

SUPEE-9652 - Remote Code Execution using mail vulnerability

More info at https://magento.com/security/patches/supee-9652...

AI score 7.2
Exploits: 0 | Affected Software: 1