Magento Open Source Security Vulnerabilities and Issues — Magento Open Source CVE List

Lucene search

AdobeMagento Open Source

7 matches found

CVE•added 2021/10/15 3:15 p.m.•61 views

CVE-2021-39864

Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Acc...

6.5CVSS6.2AI score0.00863EPSS

CVE•added 2021/09/01 3:15 p.m.•54 views

CVE-2021-36012

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item.

6.5CVSS6.2AI score0.00792EPSS

CVE•added 2021/09/01 3:15 p.m.•47 views

CVE-2021-36026

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious Jav...

6.5CVSS5.7AI score0.0337EPSS

CVE•added 2021/09/01 3:15 p.m.•45 views

CVE-2021-36038

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.

6.5CVSS6.2AI score0.01462EPSS

CVE•added 2021/09/01 3:15 p.m.•42 views

CVE-2021-36027

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s b...

6.5CVSS5.7AI score0.0337EPSS

CVE•added 2021/09/01 3:15 p.m.•42 views

CVE-2021-36037

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.

6.5CVSS6AI score0.00898EPSS

CVE•added 2021/09/01 3:15 p.m.•42 views

CVE-2021-36039

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the quoteId parameter. An attacker can abuse this vulnerability to disclose sensitive information.

6.5CVSS6.2AI score0.00801EPSS