Vendor
Adobe Systems Incorporated
Products
2
CVEs
9
Across products
9
Status
Private
Products
2- 8 CVEs
- 1 CVE
Recent CVEs
9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-8227 | 0.00 | — | 0.02 | Nov 6, 2019 | In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. | ||
| CVE-2019-8228 | 0.00 | — | 0.02 | Nov 5, 2019 | in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template. | ||
| CVE-2019-8229 | 0.00 | — | 0.00 | Nov 5, 2019 | In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates. | ||
| CVE-2019-8230 | 0.00 | — | 0.00 | Nov 5, 2019 | In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path. | ||
| CVE-2019-8231 | 0.00 | — | 0.00 | Nov 5, 2019 | In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification. | ||
| CVE-2019-8155 | 0.00 | — | 0.00 | Nov 5, 2019 | Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions. | ||
| CVE-2019-8125 | 0.00 | — | 0.01 | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution. | ||
| CVE-2019-8123 | 0.00 | — | 0.00 | Nov 5, 2019 | An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes. | ||
| CVE-2019-8091 | 0.00 | — | 0.01 | Nov 5, 2019 | A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution. |