Exposición de Magento

CMS, Ecommerce

312

score de exposición

34.078

sitios usan

2

en explotación

28

críticos

CVEs

285 resultados

CVE-2019-7912—A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploEPSS 1.6%CVE-2021-28585MEDIUMMagento Commerce improper input validation in customer customer webapiEPSS 1.6%CVE-2021-39864MEDIUMAdobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart AdditionEPSS 1.6%CVE-2020-24404LOWIncorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST APIEPSS 1.6%CVE-2021-21032MEDIUMMagento Commerce Failure To Invalidate User Session Could Lead To Unauthorized AccessEPSS 1.6%CVE-2020-9577—Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scEPSS 1.5%CVE-2020-9581—Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scEPSS 1.5%CVE-2020-24405MEDIUMIncorrect permissions in Inventory module could lead to unauthorized modification of inventory stock dataEPSS 1.5%CVE-2019-8153—A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. SucEPSS 1.5%CVE-2019-7859—A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2EPSS 1.5%CVE-2019-7923—A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2EPSS 1.4%CVE-2019-7913—A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2EPSS 1.4%CVE-2019-7911—A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, MEPSS 1.4%CVE-2021-28563MEDIUMMagento Commerce improper Authorization via the 'Create Customer' endpointEPSS 1.4%CVE-2020-9665—Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation couEPSS 1.4%CVE-2022-34259MEDIUMAdobe Commerce Improper Access Control Security feature bypassEPSS 1.4%CVE-2019-8231—In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can exeEPSS 1.4%CVE-2019-8230—In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settinEPSS 1.4%CVE-2019-8229—In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes EPSS 1.4%CVE-2021-28556MEDIUMMagento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript executionEPSS 1.4%

← anteriorpágina 7 / 15siguiente →

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →