OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.
Max CVSS
8.0
EPSS Score
0.08%
Published
2020-08-20
Updated
2021-11-18
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-11-06
Updated
2020-08-24
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.
Max CVSS
8.0
EPSS Score
0.08%
Published
2019-11-05
Updated
2019-11-07
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-08-02
Updated
2019-08-06
4 vulnerabilities found