Magento Commerce — Vulnerabilities & Security Advisories 85

All 85 CVE vulnerabilities found in Magento Commerce, with AI-generated Chinese analysis, references, and POCs.

Vendor: Adobe

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-36044 | Magento Commerce GraphQL Improper Input Validation Could Lead To Denial Of Service | CWE-20 | 7.5 | High | 2021-09-01 |
| CVE-2021-36027 | Magento Commerce Stored Cross-site Scripting Vulnerability | CWE-79 | 6.5 | Medium | 2021-09-01 |
| CVE-2021-36043 | Magento Commerce Authenticated Blind SSRF Could Lead To Remote Code Execution | CWE-918 | 8.0 | High | 2021-09-01 |
| CVE-2021-36042 | Magento Commerce API File Option Upload Extension Improper Input Validation Vulnerability Could Lead To Remote Code Execution | CWE-20 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36030 | Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation | CWE-20 | 7.5 | High | 2021-09-01 |
| CVE-2021-36041 | Magento Commerce Improper Input Validation Could Lead To Remote Code Execution | CWE-20 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36040 | Magento Commerce Improper Input Validation Could Lead To Remote Code Execution | CWE-20 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36025 | Magento Commerce Customer Edition Improper Input Validation Could Lead To Remote Code Execution | CWE-20 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36020 | Magento Commerce XML Injection Vulnerability In The 'City' Field Could Lead To Remote Code Execution | CWE-91 | 8.2 | High | 2021-09-01 |
| CVE-2021-36035 | Magento Commerce Stock Media Improper Input Validation Could Lead To Remote Code Execution | CWE-20 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36024 | Magento Commerce Improper Neutralization of Special Elements Used In A Command | CWE-78 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36031 | Magento Commerce Path Traversal In `theme[preview_image]` Parameter Could Lead To Remote Code Execution | CWE-22 | 7.2 | High | 2021-09-01 |
| CVE-2021-36039 | Magento Commerce `quoteId` parameter Incorrect Authorization Vulnerability Could Lead To Information Disclosure | CWE-863 | 6.5 | Medium | 2021-09-01 |
| CVE-2021-36029 | Magento Commerce Improper Authorization Vulnerability Could Lead To Remote Code Execution | CWE-285 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36026 | Magento Commerce Stored Cross-site Scripting Vulnerability | CWE-79 | 6.5 | Medium | 2021-09-01 |
| CVE-2021-36032 | Magento Commerce Improper Input Validation Could Lead To Information Exposure and Privilege Escalation | CWE-20 | 8.3 | High | 2021-09-01 |
| CVE-2021-36038 | Magento Commerce Multishipping Module Improper Input Validation Could Lead To Information Exposure | CWE-20 | 6.5 | Medium | 2021-09-01 |
| CVE-2021-36028 | Magento Commerce XML Injection Vulnerability Could Lead To Remote Code Execution | CWE-91 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36034 | Magento Commerce Improper Input Validation Could Lead To Remote Code Execution | CWE-20 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36022 | Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution | CWE-78 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36033 | Magento Commerce Widgets Module XML Injection Vulnerability Could Lead To Remote Code Execution | CWE-91 | 9.1 | Critical | 2021-09-01 |
| CVE-2021-36037 | Magento Commerce Improper Authorization Vulnerability Could Lead To Information Exposure | CWE-285 | 6.5 | Medium | 2021-09-01 |
| CVE-2021-36012 | Magento Commerce Gift Card Business Logic Error | CWE-840 | 6.5 | Medium | 2021-09-01 |
| CVE-2021-28584 | Magento Commerce path traversal vulnerability in child theme store creation | CWE-22 | 5.4 | Medium | 2021-06-28 |
| CVE-2021-28585 | Magento Commerce improper input validation in customer customer webapi | CWE-20 | 5.3 | Medium | 2021-06-28 |
| CVE-2021-28583 | Magento Commerce insecure storage of sensitive documentation | CWE-657 | 7.5 | High | 2021-06-28 |
| CVE-2021-28563 | Magento Commerce improper Authorization via the 'Create Customer' endpoint | CWE-285 | 6.5 | Medium | 2021-06-28 |
| CVE-2021-28556 | Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution | CWE-79 | 6.9 | Medium | 2021-06-28 |
| CVE-2021-21064 | Magento UPWARD-php Path traversal vulnerability via UPWARD Connector | CWE-22 | 4.9 | - | 2021-02-25 |
| CVE-2021-21014 | Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution | CWE-434 | 9.1 | - | 2021-02-11 |

All 85 known CVE vulnerabilities affecting Magento Commerce with full Chinese analysis, references, and POCs where available.