Lucene search
K
FriendsofphpRecent

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•28 views

PRODSECBUG-2410: Cross-Site Scripting via Dynamic block in the Page builder

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•29 views

PRODSECBUG-2405: Injection vulnerability via email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00902EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•30 views

PRODSECBUG-2448: Cross side scripting via admin panel dashboard

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•43 views

PRODSECBUG-2446: Remote code execution via custom layout update in create product functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•48 views

PRODSECBUG-2452: User Password is stored in clear

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.00726EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•42 views

PRODSECBUG-2449: Remote code execution via local file delete and XSLT injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01852EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•48 views

PRODSECBUG-2447: Using JS libraries with known security vulnerabilities

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.01239EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•38 views

PRODSECBUG-2417: Remote code execution via vulnerable Symphony dependecy injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.02455EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•46 views

PRODSECBUG-2414: Remote code execution through custom layout update of the content management functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•32 views

PRODSECBUG-2407: Remote code execution due to unsafe PHP archieve deserialization in the import functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.0238EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•52 views

PRODSECBUG-2416: Using vulnerable component that provides abstraction of HTTP specification

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.01239EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•42 views

PRODSECBUG-2309: Server-side request forgery via crafted connector endpoint 

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01714EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•34 views

PRODSECBUG-2290: Cross-Site Scripting via admin panel

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•53 views

PRODSECBUG-2272: XPath Injection via front end rendering functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.01285EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•64 views

PRODSECBUG-2402: Cross-Site Scripting via Attribute Set Name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•44 views

PRODSECBUG-2403: Remote code execution through crafted PageBuilder templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.02474EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•57 views

PRODSECBUG-2398: Cross-Site Scripting via Customer Attribute Labels

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•35 views

PRODSECBUG-2376: Remote code execution through crafted page layout and image data

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•30 views

PRODSECBUG-2342: Cross-Site Scripting mitigation bypass

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.1CVSS7.2AI score0.01476EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•37 views

PRODSECBUG-2332: Remote code execution through arbitrary file inclusion

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01886EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•31 views

PRODSECBUG-2223: Remote code execution when using functionality that imports a new product

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9CVSS7.2AI score0.03267EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•18 views

PRODSECBUG-2412: Cross-Site Scripting via Location Name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2408: Unrestricted upload of file with dangerous type

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00763EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•15 views

PRODSECBUG-2406: Cross-Site Scripting via Payment Method Title

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•15 views

PRODSECBUG-2367: Remote code execution due to unsafe handling of a carrier gateway

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01714EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2464: Use of weak cryptographic function

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.0092EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•44 views

PRODSECBUG-2458: Cross-Site Scripting in image file names

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.8CVSS7.2AI score0.00552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•27 views

PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2444: Missing logs of configuration changes related to design update

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00964EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•40 views

PRODSECBUG-2440: Information disclosure through processing of external XML entities

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00877EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•37 views

PRODSECBUG-2434: SQL injection in 'Catalog Products List' widget leading to privilege escalation

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01255EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•40 views

PRODSECBUG-2426: Cross-Site Scripting via store name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•27 views

PRODSECBUG-2419: Bypass of sitemp access restrictions

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00992EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•37 views

PRODSECBUG-2494: Arbitrary file deletion through design layout update

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00791EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•36 views

PRODSECBUG-2484: Arbitrary file deletion through export data data transfer

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00791EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•64 views

PRODSECBUG-2462: Remote code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01852EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•31 views

PRODSECBUG-2456: Broken authentication and session managememt

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.5CVSS7.2AI score0.01949EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•38 views

PRODSECBUG-2455: Stored cross-site scripting (XSS) from URL in to product page

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•32 views

PRODSECBUG-2469: Remote Code Execution in email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•43 views

PRODSECBUG-2465: Bypass of user confirmation mechanism

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.5CVSS7.2AI score0.0056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•30 views

PRODSECBUG-2478: Broken authentication and session managememt

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.01168EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2489: Cross side scripting during the preview of email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•35 views

PRODSECBUG-2485: Information Disclosure via File upload functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01117EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•49 views

PRODSECBUG-2475: Remote Code Execution through Cross-Site Request Forgery (CSRF)

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8CVSS7.2AI score0.00854EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•35 views

PRODSECBUG-2470: Remote Code Execution in email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•24 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•32 views

PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00591EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•50 views

PRODSECBUG-2462: Remote code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01852EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•44 views

PRODSECBUG-2462: Remote code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01852EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702