|
222901
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior t…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7897
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222902
|
7.2 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can…
|
NVD-CWE-noinfo
|
CVE-2019-7896
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222903
|
7.2 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute…
|
NVD-CWE-noinfo
|
CVE-2019-7895
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222904
|
7.2 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access ship…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-7892
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222905
|
7.3 |
HIGH
Network
|
magento
|
magento
|
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-7890
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222906
|
6.5 |
MEDIUM
Network
|
magento
|
magento
|
An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.…
|
CWE-74
Injection
|
CVE-2019-7889
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222907
|
6.5 |
MEDIUM
Network
|
magento
|
magento
|
An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates …
|
NVD-CWE-noinfo
|
CVE-2019-7888
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222908
|
4.8 |
MEDIUM
Network
|
magento
|
magento
|
A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prio…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7887
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222909
|
7.5 |
HIGH
Network
|
magento
|
magento
|
A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multip…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2019-7886
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222910
|
8.8 |
HIGH
Network
|
magento
|
magento
|
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2…
|
CWE-20
Improper Input Validation
|
CVE-2019-7885
|
2024-11-21 13:48 |
2019-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
