|
212531
|
7.5 |
HIGH
Network
|
magento
|
magento
|
A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multip…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2019-7886
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212532
|
8.8 |
HIGH
Network
|
magento
|
magento
|
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2…
|
CWE-20
Improper Input Validation
|
CVE-2019-7885
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212533
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prio…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7882
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212534
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate pr…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7881
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212535
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticat…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7880
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212536
|
6.1 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to …
|
CWE-79
Cross-site Scripting
|
CVE-2019-7877
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212537
|
8.8 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can in…
|
NVD-CWE-noinfo
|
CVE-2019-7876
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212538
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior t…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7875
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212539
|
6.5 |
MEDIUM
Network
|
magento
|
magento
|
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.
|
CWE-352
Origin Validation Error
|
CVE-2019-7874
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212540
|
4.3 |
MEDIUM
Network
|
magento
|
magento
|
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design sc…
|
CWE-352
Origin Validation Error
|
CVE-2019-7873
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
