|
211861
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious payload in the template Name…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8132
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|
|
211862
|
6.1 |
MEDIUM
Network
|
magento
|
magento
|
In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.
|
CWE-79
Cross-site Scripting
|
CVE-2019-8233
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|
|
211863
|
6.6 |
MEDIUM
Network
|
magento
|
magento
|
In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import fe…
|
CWE-362
Race Condition
|
CVE-2019-8232
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|
|
211864
|
7.2 |
HIGH
Network
|
magento
|
magento
|
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
|
NVD-CWE-noinfo
|
CVE-2019-8231
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|
|
211865
|
7.2 |
HIGH
Network
|
magento
|
magento
|
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/out…
|
NVD-CWE-noinfo
|
CVE-2019-8230
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|
|
211866
|
7.2 |
HIGH
Network
|
magento
|
magento
|
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
|
NVD-CWE-noinfo
|
CVE-2019-8229
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|
|
211867
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into a transactional email page when creatin…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8228
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|
|
211868
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when cre…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8227
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|
|
211869
|
8.8 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute arbitr…
|
CWE-78
OS Command
|
CVE-2019-8159
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|
|
211870
|
7.5 |
HIGH
Network
|
magento
|
magento
|
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized …
|
CWE-352
Origin Validation Error
|
CVE-2019-8155
|
2024-11-21 13:49 |
2019-11-6 |
|
|
|