Shodan
Vulnerabilities
Vulnerable Software
Magento:  >> Magento  >> 2.3.1  Security Vulnerabilities
CVE-2019-7861
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-08-02
CVE-2019-7862
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
CVSS Score
4.8
EPSS Score
0.001
Published
2019-08-02
CVE-2019-7863
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories.
CVSS Score
4.8
EPSS Score
0.001
Published
2019-08-02
CVE-2019-7864
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-08-02
CVE-2019-7865
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-02
CVE-2019-7866
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor.
CVSS Score
4.8
EPSS Score
0.001
Published
2019-08-02
CVE-2019-7867
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status.
CVSS Score
4.8
EPSS Score
0.001
Published
2019-08-02
CVE-2019-7868
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules.
CVSS Score
4.8
EPSS Score
0.001
Published
2019-08-02
CVE-2019-7869
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups.
CVSS Score
4.8
EPSS Score
0.001
Published
2019-08-02
CVE-2019-7871
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-08-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved