Magento
380 tracked vulnerabilities.
CVE-2019-7898
MEDIUM
Magento <1.9.4.2-2.3.2 - Info Disclosure
Aug 02, 2019
CVSS 5.3
EPSS 0.00
CVE-2019-7897
MEDIUM
Magento < 1.9.4.2, < 1.14.4.2, 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Stored XSS in Admin Panel
Aug 02, 2019
CVSS 4.8
EPSS 0.00
CVE-2019-7896
HIGH
Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Remote Code Execution via XML Layout Update
Aug 02, 2019
CVSS 7.2
EPSS 0.01
CVE-2019-7895
HIGH
Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Remote Code Execution via XML Layout Update
Aug 02, 2019
CVSS 7.2
EPSS 0.01
CVE-2019-7892
HIGH
Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Remote Code Execution via Server-Side Request Forgery
Aug 02, 2019
CVSS 7.2
EPSS 0.01
CVE-2019-7890
HIGH
Magento <2.1.18-2.3.2 - Info Disclosure
Aug 02, 2019
CVSS 7.3
EPSS 0.00
CVE-2019-7889
MEDIUM
Magento <1.9.4.2, <1.14.4.2, <2.1.18, <2.2.9, <2.3.2 - Command Inje...
Aug 02, 2019
CVSS 6.5
EPSS 0.00
CVE-2019-7888
MEDIUM
Magento <2.1.18-2.3.2 - Info Disclosure
Aug 02, 2019
CVSS 6.5
EPSS 0.00
CVE-2019-7887
MEDIUM
Magento Open Source <1.9.4.2 - Magento Commerce <1.14.4.2 - Magento...
Aug 02, 2019
CVSS 4.8
EPSS 0.00
CVE-2019-7886
HIGH
Magento <2.1.18-2.3.2 - Info Disclosure
Aug 02, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-7885
HIGH
Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Authenticated Remote Code Execution via Elasticsearch Config Builder
Aug 02, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-7882
MEDIUM
Magento Open Source <1.9.4.2 - Magento Commerce <1.14.4.2 - Magento...
Aug 02, 2019
CVSS 5.4
EPSS 0.00
CVE-2019-7881
MEDIUM
Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Cross-Site Scripting
Aug 02, 2019
CVSS 5.4
EPSS 0.00
CVE-2019-7880
MEDIUM
Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Stored Cross-Site Scripting in Marketing Email Templates
Aug 02, 2019
CVSS 4.8
EPSS 0.00
CVE-2019-7877
MEDIUM
Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Stored XSS in Admin Order Management
Aug 02, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-7876
HIGH
Magento 2.1-2.1.17 - Authenticated Remote Code Execution via Layout Manipulation
Aug 02, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-7875
MEDIUM
Magento < 1.9.4.2, < 1.14.4.2, 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Newsletter Templates
Aug 02, 2019
CVSS 4.8
EPSS 0.00
CVE-2019-7874
MEDIUM
Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Cross-Site Request Forgery
Aug 02, 2019
CVSS 6.5
EPSS 0.00
CVE-2019-7873
MEDIUM
Magento 2.1.0-2.1.17 - Cross-Site Request Forgery
Aug 02, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-7872
MEDIUM
Magento 2.1-2.1.17, 2.2-2.2.8, 2.3-2.3.1 - Authenticated Insecure Direct Object Reference
Aug 02, 2019
CVSS 6.5
EPSS 0.00
CVE-2019-7871
HIGH
Magento <2.1.18-2.3.2 - Auth Bypass
Aug 02, 2019
CVSS 8.8
EPSS 0.00
CVE-2019-7869
MEDIUM
Magento 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Admin Panel
Aug 02, 2019
CVSS 4.8
EPSS 0.00
CVE-2019-7868
MEDIUM
Magento 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting in Admin Tax Rule Management
Aug 02, 2019
CVSS 4.8
EPSS 0.00
CVE-2019-7867
MEDIUM
Magento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Stored XSS in Admin Order Management
Aug 02, 2019
CVSS 4.8
EPSS 0.00
CVE-2019-7866
MEDIUM
Magento 2.1.0-2.1.17 - Authenticated Stored Cross-Site Scripting via TinyMCE Editor
Aug 02, 2019
CVSS 4.8
EPSS 0.00