|
212741
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7867
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212742
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7866
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212743
|
8.8 |
HIGH
Network
|
magento
|
magento
|
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at t…
|
CWE-352
Origin Validation Error
|
CVE-2019-7865
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212744
|
5.3 |
MEDIUM
Network
|
magento
|
magento
|
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-7864
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212745
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticate…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7863
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212746
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to …
|
CWE-79
Cross-site Scripting
|
CVE-2019-7862
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212747
|
7.5 |
HIGH
Network
|
magento
|
magento
|
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-7861
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212748
|
7.5 |
HIGH
Network
|
magento
|
magento
|
A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2019-7860
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212749
|
7.5 |
HIGH
Network
|
magento
|
magento
|
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due…
|
CWE-22
Path Traversal
|
CVE-2019-7859
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212750
|
7.5 |
HIGH
Network
|
magento
|
magento
|
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently re…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-7858
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
