Magento 1 & 2
Approved changes feed: RSS · Atom
cpe:2.3:a:adobe_systems_incorporated:magento_1_&_2:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Adobe Systems Incorporated (01c82c24-64de-5c58-a31e-5b02ca0f0e97) |
|---|---|
| Product | Magento 1 & 2 (1504f77f-8714-5c0c-9232-93ce795b80b8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-8232 |
vulnerable | 2026-06-03 14:40:47.355047 |
Details available
In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification.
Published: 2019-11-05T23:55:43.000Z
Updated: 2024-08-04T21:10:33.605Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-8152 |
vulnerable | 2026-06-03 14:40:42.490693 |
Details available
A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard.
Published: 2019-11-05T23:47:41.000Z
Updated: 2024-08-04T21:10:33.108Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-8114 |
vulnerable | 2026-06-03 14:40:42.468338 |
Details available
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload.
Published: 2019-11-05T22:24:13.000Z
Updated: 2024-08-04T21:10:32.616Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.