Total
41088 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8138 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event. | ||||
| CVE-2019-8132 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name field for Email template in the "Design Configuration" dashboard. | ||||
| CVE-2019-8131 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source. | ||||
| CVE-2019-8129 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation. | ||||
| CVE-2019-8128 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website. | ||||
| CVE-2019-8120 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address. | ||||
| CVE-2019-8117 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification. | ||||
| CVE-2019-8115 | 1 Magento | 1 Magento | 2024-11-21 | 4.8 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image for during simple product creation. | ||||
| CVE-2019-8092 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview. | ||||
| CVE-2019-8089 | 1 Adobe | 1 Experience Manager Forms | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-8085 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-8084 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-8083 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-8080 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2019-8079 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-8078 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 6.1 Medium |
| Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-7955 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A |
| Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. | ||||
| CVE-2019-7954 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A |
| Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. | ||||
| CVE-2019-7945 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript. | ||||
| CVE-2019-7944 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript. | ||||