CVSS: 10.0EPSS: 91%CPEs: 14EXPL: 10CVE-2022-24086 – Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24086
16 Feb 2022 — Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. Adobe Commerce versiones 2.4.3-p1 (y anteriores) y 2.3.7-p2 (y anteriores), están afectadas por una vulnerabilidad de comprobación de entrada inapropiada durante el proceso de compra. Una explotación de este problema no requiere la interacción... • https://github.com/Mr-xn/CVE-2022-24086 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-39864 – Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition
https://notcve.org/view.php?id=CVE-2021-39864
15 Oct 2021 — Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation. Adobe Commerce versiones 2.4.2-p2 (y anteriores), 2.4.3 (y anteriores) y 2.3.7p1 (y anteriores), están afectadas por una vulnerabilidad de tipo... • https://helpx.adobe.com/security/products/magento/apsb21-86.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-21012 – Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2021-21012
13 Jan 2021 — Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure. Las versiones de Magento 2.4.1 (y anteriores), 2.4.0-p1 (y anteriores) y 2.3.6 (y anteriores) son vulnerables a una vulnerabilidad de objeto directo inseguro (IDOR) en el módulo de pago. Una explotación exitosa podría llevar a la divulgación de información sensible • https://helpx.adobe.com/security/products/magento/apsb21-08.html • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1639
https://notcve.org/view.php?id=CVE-2012-1639
01 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo enproduct/commerce_product.module en el módulo Drupal Commerce para Drupal anteriores a v7.x-1.2, permite a atacantes remotos secuestrar la autenticación de los ... • http://drupal.org/node/1416824 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •