Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / magento

magento

380 tracked vulnerabilities.

CVE-2019-8120 MEDIUM

Magento 2.1.0-2.1.18, 2.2.0-2.2.9, 2.3.0-2.3.2 - Authenticated Stored Cross-Site Scripting via Customer Email Address

CVE-2019-8119 HIGH

Magento 2.1.0-2.1.18, 2.2.0-2.2.9, 2.3.0-2.3.2 - Authenticated Remote Code Execution via XSLT File Injection

CVE-2019-8118 MEDIUM

Magento 2.1.0-2.1.18, 2.2.0-2.2.9, 2.3.0-2.3.2 - Cleartext Storage of Sensitive Information

CVE-2019-8117 MEDIUM

Magento 2.2.0-2.2.9 - Authenticated Stored Cross-Site Scripting via Product View ID

CVE-2019-8116 HIGH

Magento <2.2.10-2.3.3/2.3.2-p1 - Auth Bypass

CVE-2019-8115 MEDIUM

Magento 2.2.0-2.2.9 - Authenticated Reflected Cross-Site Scripting via Product Image Upload

CVE-2019-8114 HIGH

Magento < 1.9.4.3 and < 1.14.4.3 - Authenticated Remote Code Execution via Crafted Configuration Archive Upload

CVE-2019-8113 MEDIUM

Magento <2.2.10-2.3.3/2.3.2-p1 - Info Disclosure

CVE-2019-8112 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Unauthenticated Security Bypass via Email Confirmation Mechanism

CVE-2019-8111 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Remote Code Execution via Email Template Plugin

CVE-2019-8110 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Remote Code Execution via Email Template Interceptor Manipulation

CVE-2019-8109 HIGH

Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Authenticated Remote Code Execution via CSRF

CVE-2019-8108 MEDIUM

Magento 2.2-2.2.9 and 2.3-2.3.2 - Authenticated Insecure Session Validation Manipulation

CVE-2019-8107 MEDIUM

Magento <2.2.10-2.3.3/2.3.2-p1 - Privilege Escalation

CVE-2019-8093 HIGH

Magento 2.2-2.2.10 and 2.3-2.3.3 - Authenticated Arbitrary File Access via Downloadable Products Upload Controller

CVE-2019-8092 MEDIUM

Magento 2.2.0-2.2.9 - Authenticated Reflected Cross-Site Scripting via Email Template Preview

CVE-2019-8091 HIGH

Magento 1.5.0.0-1.9.4.2 and 1.9.0.0-1.14.4.2 - Authenticated Remote Code Execution via Layout Updates

CVE-2019-8090 MEDIUM

Magento <2.1.19-2.3.3 - Privilege Escalation

CVE-2019-8235 MEDIUM

Magento 2.1.0-2.1.16, 2.2.0-2.2.7 - Authenticated Insecure Direct Object Reference

CVE-2019-7951 HIGH

Magento <2.1.18-2.3.2 - Info Disclosure

CVE-2019-7950 HIGH

Magento <2.1.18-2.3.2 - Auth Bypass

CVE-2019-7947 MEDIUM

Magento Open Source <1.9.4.2 - Magento Commerce <1.14.4.2 - Magento...

CVE-2019-7945 MEDIUM

Magento Open Source <1.9.4.2 - Magento Commerce <1.14.4.2 - Magento...

CVE-2019-7944 MEDIUM

Magento Open Source <1.9.4.2 - Magento Commerce <1.14.4.2 - Magento...

CVE-2019-7942 HIGH

Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Authenticated Remote Code Execution via XML Layout Updates

Previous Page 12 of 16 Next

Products

community-edition 355 magento 221 project-community-edition 161 core 24 product-community-edition 4 advanced_newsletter 1 magento1ce 1 magento1ee 1 magento2 1 upward_connector 1 upward_php 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy