Lucene search
K

4 matches found

OSV
OSV
added 2022/05/24 10:1 p.m.12 views

GHSA-4V2Q-HJX3-C4VR Magento remote code execution vulnerability

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update. As per the Magento...

8.8CVSS8.8AI score0.01886EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 5:0 p.m.13 views

GHSA-F73H-224C-62QR Magento Server-Side Request Forgery (SSRF)

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier...

7.2CVSS7.6AI score0.01714EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 5:0 p.m.11 views

GHSA-6M27-3R8Q-C7F7 Magento 2 Community Edition XSS Vulnerability

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores. As per the Magento Release 2.3.3, if you have already...

5.4CVSS5.4AI score0.00556EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:0 p.m.11 views

GHSA-JRJX-8GMW-JJ2Q Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update...

8.8CVSS8.8AI score0.01919EPSS
Exploits0References5
Rows per page
Query Builder