Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

E-Commerce

Magento

Magento is an Open Source ecommerce web application launched on March 31 2008. It was created by Varien building on components of the Zend Framework.

Official Site:

https://magento.com/

Severity Summary:

Critical: 33 High: 70 Medium: 116 Low: 4
Reference
Title
Severity
CVE-2021-21020
Magento Improper Access Control Vulnerability
Medium
CVE-2021-21026
Magento Improper Authorization Vulnerability
Medium
CVE-2021-21027
Magento Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2021-21029
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-9758
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-21031
Magento Insufficient Session Expiration Vulnerability
Medium
CVE-2015-3458
Magento Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2021-21032
Magento Insufficient Session Expiration Vulnerability
Medium
CVE-2015-3457
Magento Improper Authentication Vulnerability
Medium
CVE-2015-1399
Magento Improper Control of Generation of Code (Code Injection) Vulnerability
Medium
CVE-2016-2212
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2021-28556
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-1397
Magento Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2020-24408
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-28585
Magento Improper Input Validation Vulnerability
Medium
CVE-2020-24401
Magento Incorrect Authorization Vulnerability
Medium
CVE-2020-24402
Magento Improper Authorization Vulnerability
Medium
CVE-2020-24405
Magento Improper Authorization Vulnerability
Medium
CVE-2016-10704
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2021-21022
Magento Improper Authorization Vulnerability
Medium
CVE-2021-28583
Magento Violation of Secure Design Principles Vulnerability
Medium
CVE-2021-28563
Magento Improper Authorization Vulnerability
Medium
CVE-2019-7851
Magento Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2019-7869
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-9692
Magento Incorrect Authorization Vulnerability
Medium
CVE-2019-7872
Magento Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2019-8133
Magento Vulnerability
Medium
CVE-2019-8146
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8143
Magento Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2019-8142
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium