
5 matches found

Github Security Blog
added 2024/10/10 12:31 p.m. | 16 views

Magento Open Source Improper Access Control vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact ...

CVSS 2.7 | AI score 3.3 | EPSS 0.00488
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/10/10 12:31 p.m. | 7 views

GHSA-C89G-GQ5R-2XW2 Magento Open Source stored Cross-Site Scripting (XSS) vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

CVSS 4.8 | AI score 4.8 | EPSS 0.00438
Exploits: 0 | References: 3
OSV
added 2024/10/10 12:31 p.m. | 9 views

GHSA-3FR3-GCQH-3M2G Magento Open Source Improper Input Validation vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended...

CVSS 7.6 | AI score 7.6 | EPSS 0.00852
Exploits: 0 | References: 3
Cvelist
added 2024/10/10 9:57 a.m. | 29 views

CVE-2024-45119 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...

CVSS 4.9 | EPSS 0.00761
Exploits: 0 | References: 1
Snyk
added 2024/08/14 12:35 p.m. | 4 views

Missing Authorization

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Missing Authorization via the authorization process. A low-privileged attacker can gain unauthorized access to view and modify low-sensitivity information by bypassing...

CVSS 5.4 | AI score 6.3 | EPSS 0.00385
Exploits: 0 | References: 2