Magento Exposure
Category: CMS, Ecommerce
Exposure score: 312
Sites using it: 34,078
Under exploitation: 2
Critical: 28
CVEs
285 results

CVE | Severity | Description | EPSS
CVE-2019-8092 | — | A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authe | 0.6%
CVE-2019-8115 | — | A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authe | 0.6%
CVE-2019-8148 | — | A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject a | 0.6%
CVE-2026-25524 | HIGH | OpenMage LTS's Phar Deserialization leads to Remote Code Execution | 0.5%
CVE-2019-8227 | — | In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary | 0.5%
CVE-2019-8228 | — | in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary | 0.5%
CVE-2026-25525 | MEDIUM | OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module | 0.5%
CVE-2019-8155 | — | Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attac | 0.5%
CVE-2019-7865 | — | A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2. | 0.5%
CVE-2019-7851 | — | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead t | 0.4%
CVE-2019-7874 | — | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Th | 0.4%
CVE-2019-7947 | — | A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magen | 0.4%
CVE-2021-21395 | MEDIUM | Magneto-lts vulnerable to Cross-Site Request Forgery | 0.4%
CVE-2019-7857 | — | A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause | 0.4%
CVE-2019-7873 | — | A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Th | 0.4%
CVE-2023-34379 | MEDIUM | WordPress Cart2Cart: Magento to WooCommerce Migration Plugin <= 2.0.0 is vulnerable to Broken Access Control | 0.4%
CVE-2024-41676 | MEDIUM | Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs | 0.3%
CVE-2026-25523 | MEDIUM | Magento's X-Original-Url header can expose admin url | 0.3%
CVE-2026-42155 | CRITICAL | Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs | 0.3%
CVE-2026-42458 | MEDIUM | Magento LTS: Reflected XSS - Import -> Data Flow (profiles) | 0.3%