|
214281
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creatin…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8228
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214282
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when cre…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8227
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214283
|
8.8 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribitr…
|
CWE-78
OS Command
|
CVE-2019-8159
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214284
|
7.5 |
HIGH
Network
|
magento
|
magento
|
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized …
|
CWE-352
Origin Validation Error
|
CVE-2019-8155
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214285
|
8.8 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP f…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2019-8154
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214286
|
6.1 |
MEDIUM
Network
|
magento
|
magento
|
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in …
|
CWE-79
Cross-site Scripting
|
CVE-2019-8153
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214287
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8152
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214288
|
7.2 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can e…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-8151
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214289
|
8.8 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert …
|
NVD-CWE-noinfo
|
CVE-2019-8150
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214290
|
9.8 |
CRITICAL
Network
|
magento
|
magento
|
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id tha…
|
CWE-613
Insufficient Session Expiration
|
CVE-2019-8149
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
