Exposure of Magento
CMS, Ecommerce
312 exposure score
34,078 sites use
2 exploited
28 critical
CVEs
285 results

CVE | Severity | Description | EPSS
CVE-2019-7904 | — | Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 coul | 0.8%
CVE-2021-28567 | MEDIUM | Magento Commerce improper authorization allows an authenticated user to perform certain functions without permission | 0.8%
CVE-2023-29289 | MEDIUM | Adobe Commerce XML Injection Security feature bypass | 0.8%
CVE-2019-8090 | — | An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An | 0.8%
CVE-2019-8107 | — | An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated use | 0.8%
CVE-2019-8140 | — | An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated ad | 0.8%
CVE-2023-38209 | MEDIUM | Adobe Commerce Incorrect Authorization Security feature bypass | 0.7%
CVE-2019-8233 | — | In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a re | 0.7%
CVE-2019-7858 | — | A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensit | 0.7%
CVE-2019-7925 | — | An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prio | 0.7%
CVE-2019-8118 | — | Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed lo | 0.7%
CVE-2021-32684 | MEDIUM | Missing Handler in @scandipwa/magento-scripts | 0.7%
CVE-2022-35692 | MEDIUM | Adobe Commerce Improper Access Control Security feature bypass | 0.7%
CVE-2026-40488 | HIGH | OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution | 0.7%
CVE-2023-29294 | MEDIUM | Bypass Purchase Order Approval using Company User in Adobe Commerce B2B | 0.7%
CVE-2023-29287 | MEDIUM | Adobe Commerce Information Exposure Security feature bypass | 0.6%
CVE-2019-8152 | — | A stored cross-site scripting (XSS) vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento | 0.6%
CVE-2023-29295 | MEDIUM | Insecure Direct Object Reference (IDOR) in Create Quote Function | 0.6%
CVE-2023-29296 | MEDIUM | [Cloud] Customer suspects IDOR vulnerability | 0.6%
CVE-2023-29290 | MEDIUM | Adobe Commerce Guest Cart Shipping Address Overwrite IDOR | 0.6%