Magento 1 Magento 2
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:magento_1_magento_2:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Magento 1 Magento 2 (538cf350-f9b9-50b0-8fb8-6d4bc9cfbf83) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-7947 |
vulnerable | 2026-06-08 05:14:14.889129 |
Details available
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Published: 2019-08-02T21:35:03.000Z
Updated: 2024-08-04T21:02:19.419Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7945 |
vulnerable | 2026-06-08 05:14:14.888724 |
Details available
A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript.
Published: 2019-08-02T21:34:46.000Z
Updated: 2024-08-04T21:02:19.405Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7944 |
vulnerable | 2026-06-08 05:14:14.888408 |
Details available
A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript.
Published: 2019-08-02T21:34:28.000Z
Updated: 2024-08-04T21:02:19.411Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7940 |
vulnerable | 2026-06-08 05:14:14.887381 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript.
Published: 2019-08-02T21:33:42.000Z
Updated: 2024-08-04T21:02:19.364Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7938 |
vulnerable | 2026-06-08 05:14:14.886758 |
Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript.
Published: 2019-08-02T21:33:03.000Z
Updated: 2024-08-04T21:02:19.414Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7935 |
vulnerable | 2026-06-08 05:14:14.885739 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7934 |
vulnerable | 2026-06-08 05:14:14.885296 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7932 |
vulnerable | 2026-06-08 05:14:14.884924 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7911 |
vulnerable | 2026-06-08 05:14:14.865162 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7909 |
vulnerable | 2026-06-08 05:14:14.864775 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7899 |
vulnerable | 2026-06-08 05:14:14.863436 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7898 |
vulnerable | 2026-06-08 05:14:14.863130 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7897 |
vulnerable | 2026-06-08 05:14:14.862816 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7889 |
vulnerable | 2026-06-08 05:14:14.861053 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7887 |
vulnerable | 2026-06-08 05:14:14.860260 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7882 |
vulnerable | 2026-06-08 05:14:14.858979 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7875 |
vulnerable | 2026-06-08 05:14:14.857381 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7849 |
vulnerable | 2026-06-08 05:14:14.843761 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.