CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-10704
https://notcve.org/view.php?id=CVE-2016-10704
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. Magento Community Edition y Enterprise Edition en sus versiones 2.0.10 y 2.1.x anteriores a la 2.1.2 tiene Cross Site Scripting (XSS) mediante las plantillas de correo que se gestionan de manera incorrecta durante una previsualización. Esta vulnerabilidad también se conoce como APPSEC-1503. • https://magento.com/security/patches/magento-2010-and-212-security-update • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8707
https://notcve.org/view.php?id=CVE-2015-8707
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. Los tokens de restablecimiento de contraseña en Magento CE en versiones anteriores a la 1.9.2.2 y Magento EE en versiones anteriores a la 1.14.2.2 se pasan mediante una petición GET y no se cancelan tras su uso. Esto permite que los atacantes remotos obtengan las contraseñas de usuario mediante un servicio externo manipulado con acceso al campo referrer. • https://magento.com/security/patches/supee-6788 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9758
https://notcve.org/view.php?id=CVE-2014-9758
Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la versión 1.9.0.1 de Magento E-Commerce Platform. • http://appcheck-ng.com/unpatched-vulnerabilites-in-magento-e-commerce-platform http://www.openwall.com/lists/oss-security/2015/12/05/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 95%CPEs: 2EXPL: 6CVE-2016-4010 – Magento 2.0.6 Unserialize Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-4010
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. Magento CE y EE en versiones anteriores a 2.0.6 permite a atacantes remotos llevar a cabo ataques de inyección de objeción de PHP y ejecutar código PHP arbitrario a través de la manipulación de los datos del carro de compra. Magento versions prior to 2.0.6 suffer from an unauthenticated arbitrary unserialize to arbitrary write file vulnerability. • https://www.exploit-db.com/exploits/39838 https://github.com/brianwrf/Magento-CVE-2016-4010 https://github.com/shadofren/CVE-2016-4010 http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution https://magento.com/security/patches/magento-206-security-update https://packetstormsecurity.com/files/137121/Magento-Unauthenticated-Arbitrary-File-Write.html https://packetstormsecurity.com/files/137312/Magento-2.0.6-Unserialize-Remote-Code-Execution.html http://blog.checkpoint.com/2015/11/ • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2CVE-2016-2212 – Magento 1.9.2.2 RSS Feed Information Disclosure
https://notcve.org/view.php?id=CVE-2016-2212
The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status. La función getOrderByStatusUrlKey en la clase Mage_Rss_Helper_Order en app/code/core/Mage/Rss/Helper/Order.php en Magento Enterprise Edition en versiones anteriores a 1.14.2.3 y Magento Community Edition en versiones anteriores a 1.9.2.3 permite a atacantes remotos obtener información sensible de order a través del order_id en un objeto JSON en el parámetro data en una petición de feed RSS a index.php/rss/order/status. Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed. • http://karmainsecurity.com/KIS-2016-02 http://packetstormsecurity.com/files/135941/Magento-1.9.2.2-RSS-Feed-Information-Disclosure.html http://seclists.org/fulldisclosure/2016/Feb/105 http://www.securityfocus.com/archive/1/537601/100/0/threaded https://magento.com/security/patches/supee-7405 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •