VYPR

Packagist (Composer) package

magento/community-edition

pkg:composer/magento/community-edition

Vulnerabilities (355)

  • CVE-2019-8092Nov 5, 2019
    affected >= 2.2.0, < 2.2.10fixed 2.2.10

    A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview.

  • CVE-2019-8090Nov 5, 2019
    affected >= 2.2.0, < 2.2.10fixed 2.2.10

    An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

  • CVE-2019-7853Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel.

  • CVE-2019-7951Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via cr

  • CVE-2019-7950Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to

  • CVE-2019-7947Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

  • CVE-2019-7945Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbol

  • CVE-2019-7944Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privil

  • CVE-2019-7942Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates.

  • CVE-2019-7939Aug 2, 2019
    affected >= 2.1, < 2.1.18fixed 2.1.18

    A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript executio

  • CVE-2019-7938Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated

  • CVE-2019-7937Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascrip

  • CVE-2019-7936Aug 2, 2019
    affected >= 2.3.0, < 2.3.2fixed 2.3.2

    A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javasc

  • CVE-2019-7935Aug 2, 2019
    affected >= 2.1, < 2.1.18fixed 2.1.18

    A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated

  • CVE-2019-7934Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated

  • CVE-2019-7932Aug 2, 2019
    affected >= 2.1, < 2.1.18fixed 2.1.18

    A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can ex

  • CVE-2019-7930Aug 2, 2019
    affected >= 2.1, < 2.1.18fixed 2.1.18

    A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unaut

  • CVE-2019-7929Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted htt

  • CVE-2019-7928Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the

  • CVE-2019-7927Aug 2, 2019
    affected >= 2.1.0, < 2.1.18fixed 2.1.18

    A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascr

Page 15 of 18