VYPR

Magento Commerce

by Adobe Inc.

Source repositories

CVEs (85)

  • CVE-2020-24403Nov 9, 2020
    risk 0.00cvss epss 0.02

    Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory…

  • CVE-2020-24401Nov 9, 2020
    risk 0.00cvss epss 0.02

    Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.

  • CVE-2020-24402Nov 9, 2020
    risk 0.00cvss epss 0.02

    Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API…

  • CVE-2020-24400Nov 9, 2020
    risk 0.00cvss epss 0.02

    Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the…

  • CVE-2020-24408Oct 16, 2020
    risk 0.00cvss epss 0.02

    Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other…

Page 5 of 5