Lucene search
K

5 matches found

OSV
OSV
added 2024/08/14 12:35 p.m.11 views

GHSA-4323-F82V-F6JR Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability

Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited...

5.3CVSS5AI score0.00449EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/08/14 12:35 p.m.6 views

Magento Improper Authorization vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information...

4.3CVSS6.4AI score0.00442EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2024/08/14 11:57 a.m.64 views

CVE-2024-39403

CVE-2024-39403 is a stored XSS vulnerability in Adobe Commerce/Magento Open Source (Magento) tied to the Webhook module public key configuration. Affected: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Impact per sources: attacker could inject malicious script into v...

7.6CVSS6.5AI score0.0049EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/08/14 11:57 a.m.12 views

CVE-2024-39417 An unauthorized user can export the Shipping Report

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information...

4.3CVSS5.9AI score0.00442EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/14 11:57 a.m.23 views

CVE-2024-39410 Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by...

4.3CVSS0.00449EPSS
Exploits0References1
Rows per page
Query Builder