Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:magento_1_magento_2:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductMagento 1 Magento 2 (538cf350-f9b9-50b0-8fb8-6d4bc9cfbf83)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-7947 vulnerable 2026-06-08 05:14:14.889129 Details available
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Published: 2019-08-02T21:35:03.000Z
Updated: 2024-08-04T21:02:19.419Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7945 vulnerable 2026-06-08 05:14:14.888724 Details available
A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript.
Published: 2019-08-02T21:34:46.000Z
Updated: 2024-08-04T21:02:19.405Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7944 vulnerable 2026-06-08 05:14:14.888408 Details available
A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript.
Published: 2019-08-02T21:34:28.000Z
Updated: 2024-08-04T21:02:19.411Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7940 vulnerable 2026-06-08 05:14:14.887381 Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript.
Published: 2019-08-02T21:33:42.000Z
Updated: 2024-08-04T21:02:19.364Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7938 vulnerable 2026-06-08 05:14:14.886758 Details available
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript.
Published: 2019-08-02T21:33:03.000Z
Updated: 2024-08-04T21:02:19.414Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7935 vulnerable 2026-06-08 05:14:14.885739 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7934 vulnerable 2026-06-08 05:14:14.885296 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7932 vulnerable 2026-06-08 05:14:14.884924 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7911 vulnerable 2026-06-08 05:14:14.865162 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7909 vulnerable 2026-06-08 05:14:14.864775 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7899 vulnerable 2026-06-08 05:14:14.863436 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7898 vulnerable 2026-06-08 05:14:14.863130 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7897 vulnerable 2026-06-08 05:14:14.862816 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7889 vulnerable 2026-06-08 05:14:14.861053 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7887 vulnerable 2026-06-08 05:14:14.860260 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7882 vulnerable 2026-06-08 05:14:14.858979 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7875 vulnerable 2026-06-08 05:14:14.857381 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-7849 vulnerable 2026-06-08 05:14:14.843761 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.