VYPR

Magento

by Magento

Source repositories

CVEs (23)

  • CVE-2019-7940Aug 2, 2019
    risk 0.00cvss epss 0.01

    A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated…

  • CVE-2015-3458Apr 29, 2015
    risk 0.00cvss epss 0.06

    The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP…

  • CVE-2011-5240Nov 6, 2012
    risk 0.00cvss epss 0.01

    Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Page 2 of 2