10 matches found
Magento Stored Cross-Site Scripting (XSS) Vulnerability
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...
GHSA-XWGX-8V72-4J5J Magento Stored Cross-Site Scripting (XSS) Vulnerability
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...
Improper Access Control
magento/community-edition is vulnerable to an Improper Access Control. The vulnerability is due to improper access control in Adobe Commerce, which fails to properly enforce restrictions on certain actions, allowing unauthorized users to bypass security measures...
GHSA-3QR4-W96F-672V Magento Open Source allows Incorrect Authorization
Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another...
GHSA-92PH-XM9V-CG3J Magento Broken authentication and session managememt
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management...
PRODSECBUG-2462: Remote code execution via file upload in admin import feature
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2440: Information disclosure through processing of external XML entities
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2164: Use of cryptographically weak PRNG to create gift card codes
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2320: Arbitrary code execution due to unsafe handling of system configuration
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
SUPEE-9652 - Remote Code Execution using mail vulnerability
More info at https://magento.com/security/patches/supee-9652...