Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / magento

magento

380 tracked vulnerabilities.

CVE-2020-3718 CRITICAL

Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - RCE

CVE-2020-3717 MEDIUM

Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - Path Traversal

CVE-2020-3716 CRITICAL

Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - Code Injection

CVE-2020-3715 MEDIUM

Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - XSS

CVE-2019-8158 CRITICAL

Magento <2.2.10, 2.3.<3, 2.3.2-p1 - XPath Injection

CVE-2019-8157 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting via Downloadable Link Error Handling

CVE-2019-8156 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Server-Side Request Forgery via Connector API Endpoint

CVE-2019-8145 MEDIUM

Magento 2.2-2.2.10 and 2.3-2.3.3 - Authenticated Stored Cross-Site Scripting in Attribute Set Name

CVE-2019-8132 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting in Email Template Name Field

CVE-2019-8233 MEDIUM

Magento 2.2-2.2.10 and 2.3-2.3.3 - Unauthenticated Stored Cross-Site Scripting via HTML Comment Bypass

CVE-2019-8232 MEDIUM

Magento < 1.9.4.3, < 1.14.4.3, 2.2.0-2.2.9, < 2.3.3 - Remote Code Execution via Import Race Condition

CVE-2019-8231 HIGH

Magento <1.14.4.3 - Authenticated RCE

CVE-2019-8230 HIGH

Magentoprior <1.9.4.3-1.14.4.3 - Authenticated RCE

CVE-2019-8229 HIGH

Magento <1.9.4.3-1.14.4.3 - Authenticated RCE

CVE-2019-8228 MEDIUM

Magento < 1.9.4.3 and < 1.14.4.3 - Authenticated Stored Cross-Site Scripting in Email Template Editor

CVE-2019-8227 MEDIUM

Magento < 1.9.4.3 and < 1.14.4.3 - Authenticated Stored Cross-Site Scripting via Import/Export Profile Action XML

CVE-2019-8159 HIGH

Magento 2.2-2.2.9 and 2.3-2.3.2 - Authenticated Remote Code Execution via Arbitrary File Deletion

CVE-2019-8155 HIGH

Magento 1.5.0.0-1.9.4.2 and 1.9.0.0-1.14.4.2 - Cross-Site Request Forgery via CSRF Token in URL

CVE-2019-8154 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Remote Code Execution via Product Design Update XML File

CVE-2019-8153 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Stored Cross-Site Scripting via escapeURL() Bypass

CVE-2019-8152 MEDIUM

Magento 1.5.0.0-1.9.4.2, 1.9.0.0-1.14.4.2, 2.2.0-2.2.9, 2.3.0-2.3.2 - Stored XSS via WYSIWYG Editor

CVE-2019-8151 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Remote Code Execution via SSRF in Carrier Gateway

CVE-2019-8150 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Remote Code Execution via Page Layout Manipulation

CVE-2019-8149 CRITICAL

Magento 2.2-2.2.9 and 2.3-2.3.2 - Insecure Session Management

CVE-2019-8148 MEDIUM

Magento 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting via Page Builder

Previous Page 10 of 16 Next

Products

community-edition 355 magento 221 project-community-edition 161 core 24 product-community-edition 4 advanced_newsletter 1 magento1ce 1 magento1ee 1 magento2 1 upward_connector 1 upward_php 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy