Magento: >> Magento >> 2.0.0 Security Vulnerabilities
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.6
EPSS Score
0.006
Published
2020-07-29
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-07-29
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
CVSS Score
6.1
EPSS Score
0.001
Published
2017-12-30
Page 5