CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-5240
https://notcve.org/view.php?id=CVE-2011-5240
Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Magento v1.5 y v1.6.2 no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario. • http://www.unrest.ca/peerjacking • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 9%CPEs: 2EXPL: 5CVE-2009-0541 – Magento 1.2 - '/app/code/core/Mage/Admin/Model/Session.php?login['Username']' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0541
Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en Magento v1.2.0 y v1.2.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) el campo "username" en una petición admin/ a index.php, posiblemente relacionado con el parámetro "login[username]" y la función de login app/code/core/Mage/Admin/Model/Session.php; (2) al campo "email address" en una petición admin/index/forgotpassword/ a index.php, posiblemente relacionado con el parámetro "email" y la función app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction; o (3) el parámetro "return" a la URI por defecto bajo downloader/. Magento version 1.2.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/32808 https://www.exploit-db.com/exploits/32809 https://www.exploit-db.com/exploits/32810 http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0257.html http://secunia.com/advisories/34000 http://securitytracker.com/id?1021746 http://www.securityfocus.com/bid/33872 https://exchange.xforce.ibmcloud.com/vulnerabilities/48876 https://exchange.xforce.ibmcloud.com/vulnerabilities/48877 https://exchange.xforce.ibmcloud.com/vulnerabilities/48878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •