41 matches found
PRODSECBUG-2422: Cross-Site Scripting via Email Template Name
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2440: Information disclosure through processing of external XML entities
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2342: Cross-Site Scripting mitigation bypass
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2223: Remote code execution when using functionality that imports a new product
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2408: Unrestricted upload of file with dangerous type
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2405: Injection vulnerability via email templates
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2489: Cross side scripting during the preview of email templates
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2485: Information Disclosure via File upload functionality
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2390: Broken authentication and session managememt
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2434: SQL injection in 'Catalog Products List' widget leading to privilege escalation
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2403: Remote code execution through crafted PageBuilder templates
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-1513: Insufficient brute force protections on promo code entry
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PRODSECBUG-2095: Defense-in-depth session validation check implemented
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2378: Stored cross-site scripting in the Return Product comments feature
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...
PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
PRODSECBUG-2429: Insecure object reference via customer REST API
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...
PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...