|
212391
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an in…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8157
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212392
|
7.2 |
HIGH
Network
|
magento
|
magento
|
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configura…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-8156
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212393
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the at…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8145
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212394
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8132
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212395
|
6.1 |
MEDIUM
Network
|
magento
|
magento
|
In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.
|
CWE-79
Cross-site Scripting
|
CVE-2019-8233
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212396
|
6.6 |
MEDIUM
Network
|
magento
|
magento
|
In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import fe…
|
CWE-362
Race Condition
|
CVE-2019-8232
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212397
|
7.2 |
HIGH
Network
|
magento
|
magento
|
In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
|
NVD-CWE-noinfo
|
CVE-2019-8231
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212398
|
7.2 |
HIGH
Network
|
magento
|
magento
|
In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/out…
|
NVD-CWE-noinfo
|
CVE-2019-8230
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212399
|
7.2 |
HIGH
Network
|
magento
|
magento
|
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
|
NVD-CWE-noinfo
|
CVE-2019-8229
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212400
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creatin…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8228
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
