Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8117 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification.
|
|||||
| CVE-2019-8115 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image for during simple product creation.
|
|||||
| CVE-2019-8092 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview.
|
|||||
| CVE-2019-8089 | 1 Adobe | 1 Experience Manager Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2019-8085 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2019-8084 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2019-8083 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2019-8080 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation.
|
|||||
| CVE-2019-8079 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2019-8078 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2019-7955 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
|
|||||
| CVE-2019-7954 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
|
|||||
| CVE-2019-7945 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript.
|
|||||
| CVE-2019-7944 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript.
|
|||||
| CVE-2019-7940 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript.
|
|||||
| CVE-2019-7939 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim's browser.
|
|||||
| CVE-2019-7938 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript.
|
|||||
| CVE-2019-7937 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript.
|
|||||
| CVE-2019-7936 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript.
|
|||||
| CVE-2019-7935 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript.
|
|||||
| CVE-2019-7934 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript.
|
|||||
| CVE-2019-7927 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript.
|
|||||
| CVE-2019-7926 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript.
|
|||||
| CVE-2019-7921 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript.
|
|||||
| CVE-2019-7909 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates.
|
|||||
| CVE-2019-7908 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information.
|
|||||
| CVE-2019-7897 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript.
|
|||||
| CVE-2019-7887 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled.
|
|||||
| CVE-2019-7882 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files.
|
|||||
| CVE-2019-7881 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).
|
|||||
| CVE-2019-7880 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript.
|
|||||
| CVE-2019-7877 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript.
|
|||||
| CVE-2019-7875 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates.
|
|||||
| CVE-2019-7869 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups.
|
|||||
| CVE-2019-7868 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules.
|
|||||
| CVE-2019-7867 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status.
|
|||||
| CVE-2019-7866 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor.
|
|||||
| CVE-2019-7863 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories.
|
|||||
| CVE-2019-7862 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
|
|||||
| CVE-2019-7853 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel.
|
|||||