| Severity | CVSS score | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| CRITICAL | 9.8 | CVE-2024-34102 (KEV) | Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| CRITICAL | 9.8 | CVE-2022-24086 (KEV) | Magento improper input validation vulnerability | from 0, < 2.3.0 \| >= 2.3.3, <= 2.3.6, >= 2.3.7-p1, <= 2.3.7-p1, >= 2.3.7-p2, <= 2.3.7-p2, >= 2.4.0, <= 2.4.2, >= 2.4.3-p1, <= 2.4.3-p1, >= 2.4.3, <= 2.4.3 |
| CRITICAL | 9.8 | | Magento security mitigation bypass vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento business logic error vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento security mitigation bypass vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento Defense-in-depth security mitigation vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento command injection vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento command injection vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento Security mitigation bypass vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento command injection vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento Security mitigation bypass vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento command injection vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| CRITICAL | 9.8 | | Magento security bypass vulnerability | >= 2.2.0, < 2.2.11, >= 2.3.0, < 2.3.4 |
| CRITICAL | 9.8 | | Magento deserialization vulnerability | >= 2.2.0, < 2.2.11, >= 2.3.0, < 2.3.4 |
| CRITICAL | 9.6 | | Magento DOM-based Cross-site scripting vulnerability | from 0, < 2.3.5 |
| CRITICAL | 9.1 | | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that cou… | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| CRITICAL | 9.1 | | Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution | from 0, < 2.3.7, >= 2.4.0, < 2.4.2 |
| CRITICAL | 9.1 | | Magento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code Execution | from 0, < 2.3.7, >= 2.4.0, < 2.4.2 |
| CRITICAL | 9.1 | | Magento Commerce CMS Page Improper Input Validation Could Lead To Remote Code Execution | from 0, < 2.3.7, >= 2.4.0, < 2.4.2 |
| CRITICAL | 9.1 | | Magento XML Injection vulnerability in the Widgets Module | >= 2.3.0, < 2.3.7, >= 2.4.0, < 2.4.3 \| >= 2.3.7-p1, <= 2.3.7-p1, >= 2.3.7-p2, <= 2.3.7-p2, >= 2.3.7-p3, <= 2.3.7-p3, >= 2.3.7, <= 2.3.7, >= 2.4.3-p1, <= 2.4.3-p1, >= 2.4.3-p2, <= 2.4.3-p2, >= 2.4.3, <= 2.4.3, >= 2.4.4, <= 2.4.4 |
| CRITICAL | 9.1 | | Magento Commerce Blind SQL Injection Could Lead To Unauthorized Access | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| CRITICAL | 9.1 | | Magento Commerce XML Injection Could Lead To Remote Code Execution | from 0, < 2.3.6, >= 2.4.0, < 2.4.2 |
| CRITICAL | 9.1 | | Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution | from 0, < 2.3.6, >= 2.4.0, < 2.4.2 |
| CRITICAL | 9.1 | | Magento Commerce Unauthorized Data Modification Could Lead To Arbitrary Code Execution | from 0, < 2.3.6, >= 2.4.0, < 2.4.2 |
| CRITICAL | 9.1 | | Magento Commerce XML Injection Could Lead To Arbitrary Code Execution | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| CRITICAL | 9.1 | | Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution | from 0, < 2.3.6, >= 2.4.0, < 2.4.2 |
| CRITICAL | 9.1 | | Arbitrary code execution via file import functionality | from 0, < 2.3.5, >= 2.4.0, < 2.4.1 |
| CRITICAL | 9.0 | | Magento Open Source allows Improper Input Validation | >= 2.4.7-alpha0, < 2.4.7, >= 2.4.6-alpha0, < 2.4.6-p5, >= 2.4.5-alpha0, < 2.4.5-p7, >= 2.4.4-alpha0, < 2.4.4-p8 |
| HIGH | 8.8 | | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that c… | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| HIGH | 8.8 | CVE-2021-36032 | Magento IDOR Leads to Account Takeover | from 0, < 2.3.7, >= 2.4.0, < 2.4.5 |
| HIGH | 8.8 | | Magento Improper Access Control vulnerability | >= 2.3.0, < 2.3.7, >= 2.4.0, < 2.4.3 \| >= 2.3.7-p1, <= 2.3.7-p1, >= 2.3.7-p2, <= 2.3.7-p2, >= 2.3.7-p3, <= 2.3.7-p3, >= 2.3.7, <= 2.3.7, >= 2.4.3-p1, <= 2.4.3-p1, >= 2.4.3-p2, <= 2.4.3-p2, >= 2.4.3, <= 2.4.3, >= 2.4.4, <= 2.4.4 |
| HIGH | 8.5 | | Magento Path Traversal vulnerability | >= 2.3.0, < 2.3.7, >= 2.4.0, < 2.4.3 \| >= 2.3.7-p1, <= 2.3.7-p1, >= 2.3.7-p2, <= 2.3.7-p2, >= 2.3.7-p3, <= 2.3.7-p3, >= 2.3.7, <= 2.3.7, >= 2.4.3-p1, <= 2.4.3-p1, >= 2.4.3-p2, <= 2.4.3-p2, >= 2.4.3, <= 2.4.3, >= 2.4.4, <= 2.4.4 |
| HIGH | 8.2 | | Magento Open Source Improper Authorization vulnerability | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| HIGH | 8.1 | | Magento Open Source Improper Authentication vulnerability | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| HIGH | 8.1 | | Magento Open Source allows Cross-Site Scripting (XSS) | >= 2.4.7-alpha0, < 2.4.7, >= 2.4.6-alpha0, < 2.4.6-p5, >= 2.4.5-alpha0, < 2.4.5-p7, >= 2.4.4-alpha0, < 2.4.4-p8 |
| HIGH | 8.1 | | Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| HIGH | 8.0 | | Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution | from 0, < 2.3.6, >= 2.4.0, < 2.4.2 |
| HIGH | 8.0 | | Observable Timing Discrepancy in OpenMage LTS | from 0, < 2.3.6 |
| HIGH | 7.5 | | Magento Improper Authorization vulnerability | >= 2.3.0, < 2.3.7, >= 2.4.0, < 2.4.3 \| >= 2.3.7-p1, <= 2.3.7-p1, >= 2.3.7-p2, <= 2.3.7-p2, >= 2.3.7-p3, <= 2.3.7-p3, >= 2.3.7, <= 2.3.7, >= 2.4.3-p1, <= 2.4.3-p1, >= 2.4.3-p2, <= 2.4.3-p2, >= 2.4.3, <= 2.4.3, >= 2.4.4, <= 2.4.4 |
| HIGH | 7.5 | | Magento Commerce insecure storage of sensitive documentation | from 0, < 2.3.6, >= 2.4.1, < 2.4.2, >= 2.4.2, < 2.4.3 |
| HIGH | 7.5 | | Magento defense-in-depth security mitigation vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| HIGH | 7.5 | | Magento authorization bypass vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| HIGH | 7.5 | | Magento SQL injection vulnerability | >= 2.2.0, < 2.2.11, >= 2.3.0, < 2.3.4 |
| HIGH | 7.2 | | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that cou… | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| HIGH | 7.2 | | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type… | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| HIGH | 7.2 | | Magento Signature verification bypass | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| HIGH | 7.1 | | SQL injection allows arbitrary read from database | from 0, < 2.3.5, >= 2.4.0, < 2.4.1 |
| MEDIUM | 6.9 | | Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary JavaScript execution | from 0, < 2.3.7, >= 2.4.0, < 2.4.3 |
| MEDIUM | 6.5 | | Magento Open Source Improper Authorization vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| MEDIUM | 6.5 | | Magento Open Source Server-Side Request Forgery (SSRF) vulnerability | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| MEDIUM | 6.5 | | Magento Commerce improper Authorization via the 'Create Customer' endpoint | from 0, < 2.3.7, >= 2.4.0, < 2.4.3 |
| MEDIUM | 6.5 | | Incorrect permissions following the deletion of a user role or deactivation of a user | from 0, < 2.3.5, >= 2.4.0, < 2.4.1 |
| MEDIUM | 6.5 | | Magento security mitigation bypass vulnerability | from 0, < 2.3.5 |
| MEDIUM | 6.5 | | Magento path traversal vulnerability | from 0, < 2.3.6 |
| MEDIUM | 6.1 | | Magento stored Cross-Site Scripting (XSS) vulnerability | >= 2.3.0, < 2.3.7, >= 2.4.0, < 2.4.3 \| >= 2.3.7-p1, <= 2.3.7-p1, >= 2.3.7-p2, <= 2.3.7-p2, >= 2.3.7-p3, <= 2.3.7-p3, >= 2.3.7, <= 2.3.7, >= 2.4.3-p1, <= 2.4.3-p1, >= 2.4.3-p2, <= 2.4.3-p2, >= 2.4.3, <= 2.4.3, >= 2.4.4, <= 2.4.4 |
| MEDIUM | 6.1 | | Stored XSS in customer address upload feature | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| MEDIUM | 6.1 | | Magento stored cross-site scripting vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| MEDIUM | 6.1 | | Magento stored cross-site scripting vulnerability | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| MEDIUM | 6.1 | | Magento stored cross-site scripting vulnerability | >= 2.2.0, < 2.2.11, >= 2.3.0, < 2.3.4 |
| MEDIUM | 6.1 | | Magento stored cross-site scripting vulnerability | >= 2.2.0, < 2.2.11, >= 2.3.0, < 2.3.4 |
| MEDIUM | 5.6 | | Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| MEDIUM | 5.6 | | Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| MEDIUM | 5.5 | | Magento stored Cross-Site Scripting (XSS) vulnerability | >= 2.3.0, < 2.3.7, >= 2.4.0, < 2.4.3 \| >= 2.3.7-p1, <= 2.3.7-p1, >= 2.3.7-p2, <= 2.3.7-p2, >= 2.3.7-p3, <= 2.3.7-p3, >= 2.3.7, <= 2.3.7, >= 2.4.3-p1, <= 2.4.3-p1, >= 2.4.3-p2, <= 2.4.3-p2, >= 2.4.3, <= 2.4.3, >= 2.4.4, <= 2.4.4 |
| MEDIUM | 5.4 | | Magento Open Source Improper Authorization vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| MEDIUM | 5.4 | | Magento Open Source Improper Authorization vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| MEDIUM | 5.4 | | Magento Commerce path traversal vulnerability in child theme store creation | from 0, < 2.3.6, >= 2.4.1, < 2.4.2, >= 2.4.2, < 2.4.3 |
| MEDIUM | 5.4 | | Magento Stored cross-site scripting | >= 2.2.0, < 2.2.12, >= 2.3.0, < 2.3.5 |
| MEDIUM | 5.3 | | Magento Open Source Improper Access Control vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| MEDIUM | 5.3 | | Magento Open Source Improper Access Control vulnerability | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| MEDIUM | 5.3 | | Magento Open Source Incorrect Authorization vulnerability | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| MEDIUM | 5.3 | | Magento Improper Access Control vulnerability | >= 2.3.0, < 2.3.7, >= 2.4.0, < 2.4.3 \| >= 2.3.7-p1, <= 2.3.7-p1, >= 2.3.7-p2, <= 2.3.7-p2, >= 2.3.7-p3, <= 2.3.7-p3, >= 2.3.7, <= 2.3.7, >= 2.4.3-p1, <= 2.4.3-p1, >= 2.4.3-p2, <= 2.4.3-p2, >= 2.4.3, <= 2.4.3, >= 2.4.4, <= 2.4.4 |
| MEDIUM | 5.3 | | Magento Commerce improper input validation in customer customer webapi | from 0, < 2.3.6, >= 2.4.1, < 2.4.2, >= 2.4.2, < 2.4.3 |
| MEDIUM | 5.3 | | Magento Commerce Incorrect permissions Could Lead To Unauthorized Access | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| MEDIUM | 5.3 | | Magento Commerce Incorrect permissions Could Lead To Unauthorized Access | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| MEDIUM | 5.3 | | Magento Commerce Improper Access Control Vulnerability | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| MEDIUM | 5.3 | | Magento Path Traversal | >= 2.2.0, < 2.2.11, >= 2.3.0, < 2.3.4 |
| MEDIUM | 5.0 | | Magento Commerce improper authorization allows an authenticated user to perform certain functions without permission | from 0, < 2.4.3 |
| MEDIUM | 4.9 | | Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API | from 0, < 2.3.5, >= 2.4.0, < 2.4.1 |
| MEDIUM | 4.8 | | Magento Open Source stored Cross-Site Scripting (XSS) vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| MEDIUM | 4.8 | | Magento Open Source Cross-Site Scripting (XSS) vulnerability | >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9 |
| MEDIUM | 4.8 | | Magento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| MEDIUM | 4.8 | | Magento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code Execution | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| MEDIUM | 4.3 | | Magento Open Source Improper Access Control vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| MEDIUM | 4.3 | | Magento Open Source Incorrect Authorization vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| MEDIUM | 4.3 | | Magento Open Source Improper Access Control vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| MEDIUM | 4.3 | | Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification | from 0, < 2.3.6, >= 2.4.0, < 2.4.1 |
| MEDIUM | 4.3 | | Incorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data | from 0, < 2.3.5, >= 2.4.0, < 2.4.1 |
| MEDIUM | 4.2 | | Magento observable timing discrepancy vulnerability | from 0, < 2.3.5 |
| LOW | 3.7 | | Magento Commerce information disclosure during upload action leveraging a specially crafted file | from 0, < 2.4.3 |
| LOW | 3.7 | | Document root path disclosure on Maintenance page | from 0, < 2.3.5, >= 2.4.0, < 2.4.1 |
| LOW | 2.7 | | Magento Open Source Information Exposure vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| LOW | 2.7 | | Magento Open Source Improper Access Control vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| LOW | 2.7 | | Magento Open Source Improper Access Control vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| LOW | 2.7 | | Magento Open Source Information Exposure vulnerability | >= 2.4.7-alpha0, < 2.4.7-p3, >= 2.4.6-alpha0, < 2.4.6-p8, >= 2.4.5-alpha0, < 2.4.5-p10, from 0, < 2.4.4-p11 |
| LOW | 2.7 | | Incorrect permissions could lead to unauthorized modification of inventory source data via REST API | from 0, < 2.3.5, >= 2.4.0, < 2.4.1 |
| LOW | 2.7 | | Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API | from 0, < 2.3.5, >= 2.4.0, < 2.4.1 |