360 Total Results
Displaying 331-340 of 360
Attacker Value
Unknown
CVE-2019-7864
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
Attacker Value
Unknown
CVE-2019-7929
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted HTTP request.
Attacker Value
Unknown
CVE-2019-7942
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates.
Attacker Value
Unknown
CVE-2019-7874
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.
Attacker Value
Unknown
CVE-2019-7899
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Attacker Value
Unknown
CVE-2019-7866
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor.
Attacker Value
Unknown
CVE-2019-7892
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.
Attacker Value
Unknown
CVE-2019-7895
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update.
Attacker Value
Unknown
CVE-2019-7862
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Attacker Value
Unknown
CVE-2019-7858
Disclosure Date: August 02, 2019 (last updated November 27, 2024)
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.