Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / magento

magento

380 tracked vulnerabilities.

CVE-2019-8147 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting via Customer Attribute Label

CVE-2019-8146 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting via Customer Attribute

CVE-2019-8144 CRITICAL

Magento 2.3 < 2.3.3 and 2.3.2 < 2.3.2-p1 - Unauthenticated Remote Code Execution via PageBuilder Template Methods

CVE-2019-8143 MEDIUM

Magento 2.2-2.2.10 and 2.3-2.3.3 - Authenticated SQL Injection via Email Templates

CVE-2019-8142 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting via Order Title

CVE-2019-8141 HIGH

Magento 2.1.0-2.1.18, 2.2.0-2.2.9, <2.3.3 - Remote Code Execution via Phar Deserialization

CVE-2019-8140 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Unrestricted File Upload via Media File Storage Synchronization

CVE-2019-8139 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.1 - Authenticated Stored Cross-Site Scripting in Page Builder Dynamic Block

CVE-2019-8138 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting via Sale Pickup Event API Endpoint

CVE-2019-8137 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Remote Code Execution via Custom Layout Update

CVE-2019-8136 CRITICAL

Magento <2.2.10-2.3.3/2.3.2-p1 - Info Disclosure

CVE-2019-8135 CRITICAL

Magento 2.2-2.2.9 and 2.3-2.3.2 - Remote Code Execution via Symfony Dependency Injection

CVE-2019-8134 HIGH

Magento 2.2-2.2.9 and 2.3-2.3.2 - Authenticated SQL Injection via Email Template Variables

CVE-2019-8133 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Security Bypass and Denial of Service via Sitemap Generation

CVE-2019-8131 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting in Inventory Source Code Field

CVE-2019-8130 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated SQL Injection via Email Template Database Connection

CVE-2019-8129 MEDIUM

Magento 2.2-2.2.10 and 2.3-2.3.3 - Authenticated Stored Cross-Site Scripting via Translation Injection

CVE-2019-8128 MEDIUM

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting via Website Name

CVE-2019-8127 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated SQL Injection via Newsletter Template Editing

CVE-2019-8126 MEDIUM

Magento 2.2-2.2.10 and 2.3-2.3.3 - Authenticated XML External Entity Injection via XML Layout Processing

CVE-2019-8125 HIGH

Magento 1.5.0.0-1.9.4.2 and 1.9.0.0-1.14.4.2 - Authenticated Remote Code Execution via Support Configuration

CVE-2019-8124 MEDIUM

Magento <2.1.19-2.3.3 - Info Disclosure

CVE-2019-8123 MEDIUM

Magento <1.9.4.3-2.3.3 - Info Disclosure

CVE-2019-8122 HIGH

Magento 2.1.0-2.1.18, 2.2.0-2.2.9, 2.3.0-2.3.2 - Authenticated Remote Code Execution via Product Import Layout Update

CVE-2019-8121 CRITICAL

Magento <2.1.19-2.3.3 - Code Injection

Previous Page 11 of 16 Next

Products

community-edition 355 magento 221 project-community-edition 161 core 24 product-community-edition 4 advanced_newsletter 1 magento1ce 1 magento1ee 1 magento2 1 upward_connector 1 upward_php 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy