Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / magento

magento

380 tracked vulnerabilities.

CVE-2019-7940 MEDIUM

Magento < 1.9.4.2, < 1.14.4.2, 2.1 < 2.1.18, 2.2 < 2.2.9, 2.3 < 2.3.2 - Stored XSS via Store Currency

CVE-2019-7939 MEDIUM

Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Reflected Cross-Site Scripting on Customer Cart Checkout Page

CVE-2019-7938 MEDIUM

Magento < 1.9.4.2, < 1.14.4.2, 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Stored XSS in Catalog Price Rules

CVE-2019-7937 MEDIUM

Magento 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Admin Panel Product Attributes

CVE-2019-7936 MEDIUM

Magento 2.1.0-2.1.17 and 2.3.0-2.3.1 - Authenticated Stored Cross-Site Scripting in Admin Panel Content Block Titles

CVE-2019-7935 MEDIUM

Magento < 1.9.4.2, < 1.14.4.2, 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Stored XSS in Admin Panel

CVE-2019-7934 MEDIUM

Magento <1.9.4.2, <1.14.4.2, <2.1.18, <2.2.9, <2.3.2 - XSS

CVE-2019-7932 HIGH

Magento <1.9.4.2-2.3.2 - Authenticated RCE

CVE-2019-7930 HIGH

Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Arbitrary File Upload via Import Configuration Bypass

CVE-2019-7929 MEDIUM

Magento <2.1.18-2.3.2 - Info Disclosure

CVE-2019-7928 HIGH

Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Unauthenticated Denial of Service via PayPal Token Exchange

CVE-2019-7927 MEDIUM

Magento 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Admin Panel

CVE-2019-7926 MEDIUM

Magento 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Admin Panel

CVE-2019-7925 MEDIUM

Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Insecure Direct Object Reference

CVE-2019-7923 HIGH

Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Authenticated Server-Side Request Forgery in Shipment Settings

CVE-2019-7921 MEDIUM

Magento 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Product Catalog Form

CVE-2019-7915 HIGH

Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Unauthenticated Denial of Service via Full Page Cache Manipulation

CVE-2019-7913 HIGH

Magento 2.1.0-2.1.17 - Authenticated Server-Side Request Forgery via Shipment Method Manipulation

CVE-2019-7912 HIGH

Magento <2.1.18-2.3.2 - Auth Bypass

CVE-2019-7911 HIGH

Magento <1.9.4.2, <1.14.4.2, <2.1.18, <2.2.9, <2.3.2 - SSRF

CVE-2019-7909 MEDIUM

Magento < 1.9.4.2, < 1.14.4.2, 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Email Templates

CVE-2019-7908 MEDIUM

Magento 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Admin Panel

CVE-2019-7904 MEDIUM

Magento <2.1.18, <2.2.9, <2.3.2 - Privilege Escalation

CVE-2019-7903 HIGH

Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Authenticated Remote Code Execution via Email Template Preview

CVE-2019-7899 MEDIUM

Magento Open Source <1.9.4.2 - Info Disclosure

Previous Page 13 of 16 Next

Products

community-edition 355 magento 221 project-community-edition 161 core 24 product-community-edition 4 advanced_newsletter 1 magento1ce 1 magento1ee 1 magento2 1 upward_connector 1 upward_php 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy