Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

E-Commerce

Magento

Magento is an Open Source ecommerce web application launched on March 31 2008. It was created by Varien building on components of the Zend Framework.

Official Site:

https://magento.com/

Severity Summary:

Critical: 33 High: 70 Medium: 116 Low: 4
Reference
Title
Severity
CVE-2020-9587
Magento Incorrect Authorization Vulnerability
High
CVE-2019-8231
Magento Vulnerability
High
CVE-2019-8127
Magento Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-8141
Magento Deserialization of Untrusted Data Vulnerability
High
CVE-2021-36023
Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
High
CVE-2015-6497
Magento Improper Input Validation Vulnerability
High
CVE-2019-8137
Magento Vulnerability
High
CVE-2019-8124
Magento Insufficient Verification of Data Authenticity Vulnerability
High
CVE-2019-8134
Magento Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-21015
Magento Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
High
CVE-2021-36036
Magento Improper Access Control Vulnerability
High
CVE-2019-8130
Magento Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-8125
Magento Vulnerability
High
CVE-2019-7852
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2019-7868
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-7853
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-7867
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-7862
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-34259
Magento Vulnerability
Medium
CVE-2019-7866
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-7855
Magento Cryptographic Issues Vulnerability
Medium
CVE-2019-7863
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-34257
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-34258
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-7864
Magento Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2019-7857
Magento Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2018-5301
Magento Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2021-28567
Magento Incorrect Authorization Vulnerability
Medium
CVE-2015-1398
Magento Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2021-21023
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium