Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Magento Commerce — Vulnerabilities & Security Advisories 85

All 85 CVE vulnerabilities found in Magento Commerce, with AI-generated Chinese analysis, references, and POCs.

Vendor: Adobe

CVE IDTitleCVSSSeverityPaused
CVE-2023-38208 Validate Your Inputs | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) CWE-78 9.1 Critical2023-08-09
CVE-2023-38209 Adobe Commerce Incorrect Authorization Security feature bypass CWE-863 6.5 Medium2023-08-09
CVE-2023-22248 Adobe Commerce Incorrect Authorization Security feature bypass CWE-863 7.5 High2023-06-15
CVE-2023-29287 Adobe Commerce Information Exposure Security feature bypass CWE-200 5.3 Medium2023-06-15
CVE-2023-29289 Adobe Commerce XML Injection Security feature bypass CWE-91 6.5 Medium2023-06-15
CVE-2023-29290 Adobe Commerce Guest Cart Shipping Address Overwrite IDOR CWE-353 5.3 Medium2023-06-15
CVE-2023-29291 Server Side Request Forgery (SSRF) in USPS carrier integration configuration CWE-918 4.9 Medium2023-06-15
CVE-2023-29292 Server Side Request Forgery (SSRF) in FedEx carrier integration configuration CWE-918 4.9 Medium2023-06-15
CVE-2023-29294 Bypass Purchase Order Approval using Company User in Adobe Commerce B2B CWE-840 4.3 Medium2023-06-15
CVE-2023-29295 Insecure Direct Object Reference (IDOR) in Create Quote Function CWE-863 4.3 Medium2023-06-15
CVE-2023-29296 [Cloud] Customer suspects IDOR vulnerability CWE-863 4.3 Medium2023-06-15
CVE-2023-29297 Admin-to-admin stored XSS via cache poisoning CWE-1336 9.1 Critical2023-06-15
CVE-2023-22249 Adobe Commerce Stored XSS Arbitrary code execution CWE-79 4.8 Medium2023-03-27
CVE-2023-22247 Adobe Commerce XML Injection Arbitrary file system read CWE-91 7.5 High2023-03-27
CVE-2023-22250 Adobe Commerce Improper Access Control Security feature bypass CWE-284 5.3 Medium2023-03-27
CVE-2023-22251 Adobe Commerce Incorrect Authorization Security feature bypass CWE-863 4.3 Medium2023-03-27
CVE-2022-35689 Adobe Commerce Improper Access Control Security feature bypass CWE-284 5.3 Medium2022-10-14
CVE-2022-35698 Adobe Commerce Stored XSS Arbitrary code execution CWE-79 10.0 Critical2022-10-14
CVE-2022-35692 Adobe Commerce Improper Access Control Security feature bypass CWE-863 5.3 Medium2022-08-19
CVE-2022-34259 Adobe Commerce Improper Access Control Security feature bypass CWE-284 5.3 Medium2022-08-16
CVE-2022-34257 Adobe Commerce Stored XSS Arbitrary code execution CWE-79 6.1 Medium2022-08-16
CVE-2022-34253 Adobe Commerce XML Injection Arbitrary code execution CWE-91 7.2 -2022-08-16
CVE-2022-34255 Adobe Commerce Improper Access Control Privilege escalation CWE-284 8.8 High2022-08-16
CVE-2022-34254 Adobe Commerce Improper Limitation of a Pathname to a Restricted Directory Arbitrary code execution CWE-22 9.6 -2022-08-16
CVE-2022-34256 Adobe Commerce Improper Authorization Privilege escalation CWE-285 7.5 High2022-08-16
CVE-2022-34258 Adobe Commerce Stored XSS Arbitrary code execution CWE-79 4.8 Medium2022-08-16
CVE-2022-24086 Adobe Commerce checkout improper input validation leads to remote code execution CWE-20 9.8 Critical2022-02-16
CVE-2021-39864 Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition CWE-352 6.5 Medium2021-10-15
CVE-2021-28567 Magento Commerce improper authorization allows an authenticated user to perform certain functions without permission CWE-285 6.5 -2021-09-08
CVE-2021-28566 Magento Commerce information disclosure during upload action leveraging a specially crafted file CWE-200 3.7 Low2021-09-08

All 85 known CVE vulnerabilities affecting Magento Commerce with full Chinese analysis, references, and POCs where available.