|
211881
|
6.5 |
MEDIUM
Network
|
magento
|
magento
|
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and ob…
|
CWE-89
SQL Injection
|
CVE-2019-8143
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211882
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title o…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8142
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211883
|
7.2 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system leve…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-8141
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211884
|
4.9 |
MEDIUM
Network
|
magento
|
magento
|
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-8140
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211885
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking pag…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8139
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211886
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providi…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8138
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211887
|
8.8 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can…
|
NVD-CWE-noinfo
|
CVE-2019-8137
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211888
|
9.8 |
CRITICAL
Network
|
magento
|
magento
|
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction imp…
|
NVD-CWE-noinfo
|
CVE-2019-8136
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211889
|
9.8 |
CRITICAL
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be d…
|
CWE-74
Injection
|
CVE-2019-8135
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211890
|
8.8 |
HIGH
Network
|
magento
|
magento
|
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when ac…
|
CWE-89
SQL Injection
|
CVE-2019-8134
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
