Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

E-Commerce

Magento

Magento is an Open Source ecommerce web application launched on March 31 2008. It was created by Varien building on components of the Zend Framework.

Official Site:

https://magento.com/

Severity Summary:

Critical: 33 High: 70 Medium: 116 Low: 4
Reference
Title
Severity
CVE-2019-8140
Magento Unrestricted Upload of File with Dangerous Type Vulnerability
Medium
CVE-2019-8139
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8138
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8131
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8148
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8129
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8128
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8126
Magento Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion) Vulnerability
Medium
CVE-2019-8123
Magento Vulnerability
Medium
CVE-2019-8120
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8118
Magento Cleartext Storage of Sensitive Information Vulnerability
Medium
CVE-2019-8117
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8147
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8152
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-7873
Magento Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2020-3717
Magento Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2020-9690
Magento Observable Differences in Behavior to Error Inputs Vulnerability
Medium
CVE-2020-9689
Magento Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2020-9665
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-9584
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-9581
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-9577
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-3758
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-3715
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8153
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8157
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8145
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8132
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8233
Magento Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-8232
Magento Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability
Medium