Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 7:17 p.m.8 views

Magento Open Source allows Cross-Site Request Forgery (CSRF)

Adobe Commerce versions 2.4.2-p2 and earlier, 2.4.3 and earlier and 2.3.7p1 and earlier are affected by a cross-site request forgery CSRF vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to a customer's cart by an unauthenticated attacker. Acces...

6.5CVSS6.9AI score0.01567EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2021/10/15 3:15 p.m.21 views

CVE-2021-39864

Adobe Commerce versions 2.4.2-p2 and earlier, 2.4.3 and earlier and 2.3.7p1 and earlier are affected by a cross-site request forgery CSRF vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to...

6.5CVSS0.01567EPSS
Exploits0References1
OSV
OSV
added 2021/10/15 3:15 p.m.18 views

CVE-2021-39864

Adobe Commerce versions 2.4.2-p2 and earlier, 2.4.3 and earlier and 2.3.7p1 and earlier are affected by a cross-site request forgery CSRF vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to...

6.5CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2021/10/15 3:15 p.m.15 views

Cross site request forgery (csrf)

Adobe Commerce versions 2.4.2-p2 and earlier, 2.4.3 and earlier and 2.3.7p1 and earlier are affected by a cross-site request forgery CSRF vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to...

4.3CVSS6.2AI score0.01567EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/10/15 2:21 p.m.125 views

CVE-2021-39864

CVE-2021-39864 is a CSRF vulnerability in Adobe Commerce / Magento Open Source via a Wishlist Share Link. Affected: Adobe Commerce versions 2.4.2-p2 and earlier, 2.4.3 and earlier, 2.3.7p1 and earlier. Impact: unauthenticated attacker could cause unauthorized additions to a customer’s cart withou...

6.5CVSS6.2AI score0.01567EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder