Magento Product-Community-Edition vulnerabilities

4 known vulnerabilities affecting magento/product-community-edition.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2019-7876HIGH≥ 2.1, < 2.1.18≥ 2.2, < 2.2.9+1 more2022-05-24
CVE-2019-7876 [HIGH] Magento 2 Community Edition RCE Vulnerability Magento 2 Community Edition RCE Vulnerability A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.
ghsaosv
CVE-2019-7865HIGH≥ 2.1, < 2.1.18≥ 2.2, < 2.2.9+1 more2022-05-24
CVE-2019-7865 [HIGH] CWE-352 Magento 2 Community Edition CSRF Vulnerability Magento 2 Community Edition CSRF Vulnerability A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.
ghsaosv
CVE-2019-7938MEDIUM≥ 2.1, < 2.1.18≥ 2.2, < 2.2.9+1 more2022-05-24
CVE-2019-7938 [MEDIUM] CWE-79 Magento 2 Community Edition XSS Vulnerability Magento 2 Community Edition XSS Vulnerability A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript.
ghsaosv
CVE-2019-8121HIGH≥ 2.2, < 2.2.10≥ 2.3, < 2.3.2-p22019-11-12
CVE-2019-8121 [HIGH] Using JS libraries with known security vulnerabilities Using JS libraries with known security vulnerabilities An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.
ghsaosv