Show filters
360 Total Results
Displaying 291-300 of 360
Sort by:
Attacker Value
Unknown
CVE-2019-7886
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts.
0
Attacker Value
Unknown
CVE-2019-7880
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript.
0
Attacker Value
Unknown
CVE-2019-7896
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update.
0
Attacker Value
Unknown
CVE-2019-7875
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates.
0
Attacker Value
Unknown
CVE-2019-7869
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups.
0
Attacker Value
Unknown
CVE-2019-7913
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.
0
Attacker Value
Unknown
CVE-2019-7867
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status.
0
Attacker Value
Unknown
CVE-2019-7904
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.
0
Attacker Value
Unknown
CVE-2019-7861
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
0
Attacker Value
Unknown
CVE-2019-7877
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.
0
