Lucene search
K

41 matches found

Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.8 views

PRODSECBUG-2422: Cross-Site Scripting via Email Template Name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.15 views

PRODSECBUG-2440: Information disclosure through processing of external XML entities

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00877EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.20 views

PRODSECBUG-2342: Cross-Site Scripting mitigation bypass

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.1CVSS7.2AI score0.01476EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.15 views

PRODSECBUG-2223: Remote code execution when using functionality that imports a new product

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9CVSS7.2AI score0.03267EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.15 views

PRODSECBUG-2408: Unrestricted upload of file with dangerous type

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00763EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.18 views

PRODSECBUG-2405: Injection vulnerability via email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00902EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.19 views

PRODSECBUG-2489: Cross side scripting during the preview of email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.17 views

PRODSECBUG-2485: Information Disclosure via File upload functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01117EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.15 views

PRODSECBUG-2390: Broken authentication and session managememt

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.0214EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.18 views

PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.21 views

PRODSECBUG-2434: SQL injection in 'Catalog Products List' widget leading to privilege escalation

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01255EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.21 views

PRODSECBUG-2403: Remote code execution through crafted PageBuilder templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.02474EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.29 views

PRODSECBUG-1513: Insufficient brute force protections on promo code entry

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.03121EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.36 views

PRODSECBUG-2095: Defense-in-depth session validation check implemented

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.01151EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.37 views

PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.5CVSS7.2AI score0.00805EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.42 views

PRODSECBUG-2378: Stored cross-site scripting in the Return Product comments feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.27 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.21 views

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.20 views

PRODSECBUG-2429: Insecure object reference via customer REST API

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.5CVSS7.2AI score0.02161EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.35 views

PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.5CVSS7.2AI score0.00805EPSS
Exploits0Affected Software1
Rows per page
Query Builder