Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7937 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript. | |||||
| CVE-2019-7936 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript. | |||||
| CVE-2019-7935 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript. | |||||
| CVE-2019-7934 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript. | |||||
| CVE-2019-7927 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript. | |||||
| CVE-2019-7926 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript. | |||||
| CVE-2019-7921 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript. | |||||
| CVE-2019-7909 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates. | |||||
| CVE-2019-7908 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information. | |||||
| CVE-2019-7897 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript. | |||||
| CVE-2019-7887 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled. | |||||
| CVE-2019-7882 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files. | |||||
| CVE-2019-7881 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack). | |||||
| CVE-2019-7880 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript. | |||||
| CVE-2019-7877 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript. | |||||
| CVE-2019-7875 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates. | |||||
| CVE-2019-7869 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups. | |||||
| CVE-2019-7868 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules. | |||||
| CVE-2019-7867 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status. | |||||
| CVE-2019-7866 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor. | |||||