| 0 |
| url |
VCID-141w-faqu-w3ay |
| vulnerability_id |
VCID-141w-faqu-w3ay |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45130, GHSA-v3v6-jfvw-m576
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-141w-faqu-w3ay |
|
| 1 |
| url |
VCID-16es-u6cy-u3g8 |
| vulnerability_id |
VCID-16es-u6cy-u3g8 |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45149, GHSA-w7rg-7wq2-pjrw
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-16es-u6cy-u3g8 |
|
| 2 |
| url |
VCID-1mpb-gzr2-53ar |
| vulnerability_id |
VCID-1mpb-gzr2-53ar |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45121, GHSA-2qhq-fw98-h6wg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1mpb-gzr2-53ar |
|
| 3 |
| url |
VCID-1vq9-br2m-dbby |
| vulnerability_id |
VCID-1vq9-br2m-dbby |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24438, GHSA-8884-7rm9-mrx4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1vq9-br2m-dbby |
|
| 4 |
| url |
VCID-2t3q-pmg5-qyhn |
| vulnerability_id |
VCID-2t3q-pmg5-qyhn |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39405, GHSA-5g9f-7gqc-8hj4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2t3q-pmg5-qyhn |
|
| 5 |
| url |
VCID-313z-h2v4-c3fr |
| vulnerability_id |
VCID-313z-h2v4-c3fr |
| summary |
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24436, GHSA-ghpr-6qhr-rpp8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-313z-h2v4-c3fr |
|
| 6 |
| url |
VCID-368r-um85-k3d2 |
| vulnerability_id |
VCID-368r-um85-k3d2 |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39418, GHSA-gvgf-pvh5-vjh4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-368r-um85-k3d2 |
|
| 7 |
| url |
VCID-3a8p-9krx-23e8 |
| vulnerability_id |
VCID-3a8p-9krx-23e8 |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24411, GHSA-36hw-x3cc-m258
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3a8p-9krx-23e8 |
|
| 8 |
| url |
VCID-3s5p-wb18-13ge |
| vulnerability_id |
VCID-3s5p-wb18-13ge |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39399, GHSA-7r99-8wqp-h7pc
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3s5p-wb18-13ge |
|
| 9 |
| url |
VCID-3uj4-thpr-cue1 |
| vulnerability_id |
VCID-3uj4-thpr-cue1 |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39407, GHSA-cjm6-8mw8-2f8c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3uj4-thpr-cue1 |
|
| 10 |
| url |
VCID-466x-mpt9-gbgy |
| vulnerability_id |
VCID-466x-mpt9-gbgy |
| summary |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
5.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
| reference_url |
https://helpx.adobe.com/security/products/magento/apsb23-50.html |
| reference_id |
apsb23-50.html |
| reference_type |
|
| scores |
| 0 |
| value |
8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
|
| 2 |
| value |
5.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:36Z/ |
|
|
| url |
https://helpx.adobe.com/security/products/magento/apsb23-50.html |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 5 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 6 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 7 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 8 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 9 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 10 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 11 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 12 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 13 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 14 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 15 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 16 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 17 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 18 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 19 |
| vulnerability |
VCID-96hr-sbyj-27dw |
|
| 20 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 21 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 22 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 23 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 24 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 25 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 26 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 27 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 28 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 29 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 30 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 31 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 32 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 33 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 34 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 35 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 36 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 37 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 38 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 39 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 40 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 41 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 42 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 43 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 44 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 45 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 46 |
| vulnerability |
VCID-jnuu-9mt7-jyd5 |
|
| 47 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 48 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 49 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 50 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 51 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 52 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 53 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 54 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 55 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 56 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 57 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 58 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 59 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 60 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 61 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 62 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 63 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 64 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 65 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 66 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 67 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 68 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 69 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 70 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 71 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 72 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 73 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 74 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 75 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 76 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 77 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 78 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 79 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 80 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 81 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2 |
|
|
| aliases |
CVE-2023-38249, GHSA-rq36-9f5f-2gw7
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-466x-mpt9-gbgy |
|
| 11 |
| url |
VCID-4nqq-nrne-17a2 |
| vulnerability_id |
VCID-4nqq-nrne-17a2 |
| summary |
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-54266, GHSA-pcrx-r49h-x2w5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4nqq-nrne-17a2 |
|
| 12 |
| url |
VCID-5edy-fp8q-97fp |
| vulnerability_id |
VCID-5edy-fp8q-97fp |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24417, GHSA-g3j6-9753-8mp2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5edy-fp8q-97fp |
|
| 13 |
| url |
VCID-6d1u-exkw-hbfu |
| vulnerability_id |
VCID-6d1u-exkw-hbfu |
| summary |
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-54236, GHSA-wh92-6q6g-px7j
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6d1u-exkw-hbfu |
|
| 14 |
| url |
VCID-6v47-xgpq-zkgf |
| vulnerability_id |
VCID-6v47-xgpq-zkgf |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39401, GHSA-8frp-pxq2-3gpq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6v47-xgpq-zkgf |
|
| 15 |
| url |
VCID-78hy-q8kh-kyh7 |
| vulnerability_id |
VCID-78hy-q8kh-kyh7 |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45123, GHSA-88x2-cq34-5fwc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-78hy-q8kh-kyh7 |
|
| 16 |
| url |
VCID-7bmk-3ab2-9ba6 |
| vulnerability_id |
VCID-7bmk-3ab2-9ba6 |
| summary |
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-54267, GHSA-qvwr-p3hj-j6jf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7bmk-3ab2-9ba6 |
|
| 17 |
| url |
VCID-7j68-gund-4qhp |
| vulnerability_id |
VCID-7j68-gund-4qhp |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45132, GHSA-5f64-ppmg-cvvm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7j68-gund-4qhp |
|
| 18 |
| url |
VCID-8365-zgh2-w3cc |
| vulnerability_id |
VCID-8365-zgh2-w3cc |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39413, GHSA-8w5f-8992-g86j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8365-zgh2-w3cc |
|
| 19 |
| url |
VCID-8gwb-c3ck-37f8 |
| vulnerability_id |
VCID-8gwb-c3ck-37f8 |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45129, GHSA-m58h-998x-66f3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8gwb-c3ck-37f8 |
|
| 20 |
| url |
VCID-8hfe-bt2u-37f9 |
| vulnerability_id |
VCID-8hfe-bt2u-37f9 |
| summary |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
5.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
| reference_url |
https://helpx.adobe.com/security/products/magento/apsb23-50.html |
| reference_id |
apsb23-50.html |
| reference_type |
|
| scores |
| 0 |
| value |
8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
|
| 2 |
| value |
5.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:37Z/ |
|
|
| url |
https://helpx.adobe.com/security/products/magento/apsb23-50.html |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 5 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 6 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 7 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 8 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 9 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 10 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 11 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 12 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 13 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 14 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 15 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 16 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 17 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 18 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 19 |
| vulnerability |
VCID-96hr-sbyj-27dw |
|
| 20 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 21 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 22 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 23 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 24 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 25 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 26 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 27 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 28 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 29 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 30 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 31 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 32 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 33 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 34 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 35 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 36 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 37 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 38 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 39 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 40 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 41 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 42 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 43 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 44 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 45 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 46 |
| vulnerability |
VCID-jnuu-9mt7-jyd5 |
|
| 47 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 48 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 49 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 50 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 51 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 52 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 53 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 54 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 55 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 56 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 57 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 58 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 59 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 60 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 61 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 62 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 63 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 64 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 65 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 66 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 67 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 68 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 69 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 70 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 71 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 72 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 73 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 74 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 75 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 76 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 77 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 78 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 79 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 80 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 81 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2 |
|
|
| aliases |
CVE-2023-38221, GHSA-ggr8-3hwx-4f2m
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8hfe-bt2u-37f9 |
|
| 21 |
| url |
VCID-96hr-sbyj-27dw |
| vulnerability_id |
VCID-96hr-sbyj-27dw |
| summary |
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N |
|
| 1 |
| value |
6.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7 |
| purl |
pkg:composer/magento/community-edition@2.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-158t-bqnb-83d4 |
|
| 2 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 3 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 4 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 5 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 6 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 7 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 8 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 9 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 10 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 11 |
| vulnerability |
VCID-3ydj-usv4-47fq |
|
| 12 |
| vulnerability |
VCID-466x-mpt9-gbgy |
|
| 13 |
| vulnerability |
VCID-4b5p-wqtj-7kbe |
|
| 14 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 15 |
| vulnerability |
VCID-549e-3kmc-cyfw |
|
| 16 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 17 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 18 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 19 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 20 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 21 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 22 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 23 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 24 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 25 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 26 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 27 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 28 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 29 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 30 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 31 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 32 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 33 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 34 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 35 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 36 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 37 |
| vulnerability |
VCID-eban-ja9z-f7ep |
|
| 38 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 39 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 40 |
| vulnerability |
VCID-fb5x-afrq-87aj |
|
| 41 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 42 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 43 |
| vulnerability |
VCID-frhp-vgpt-g7am |
|
| 44 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 45 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 46 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 47 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 48 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 49 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 50 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 51 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 52 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 53 |
| vulnerability |
VCID-jeur-3jww-dqee |
|
| 54 |
| vulnerability |
VCID-jkrp-j7st-27f3 |
|
| 55 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 56 |
| vulnerability |
VCID-kf6b-mshs-23fa |
|
| 57 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 58 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 59 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 60 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 61 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 62 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 63 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 64 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 65 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 66 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 67 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 68 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 69 |
| vulnerability |
VCID-q12a-kwpk-yufv |
|
| 70 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 71 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 72 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 73 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 74 |
| vulnerability |
VCID-qr8w-qwb5-6uag |
|
| 75 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 76 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 77 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 78 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 79 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 80 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 81 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 82 |
| vulnerability |
VCID-u52p-wrjp-quhk |
|
| 83 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 84 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 85 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 86 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 87 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 88 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 89 |
| vulnerability |
VCID-xgk2-yecx-q3ff |
|
| 90 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 91 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 92 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 93 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 94 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
| 95 |
| vulnerability |
VCID-zthr-mpwx-1fef |
|
| 96 |
| vulnerability |
VCID-zv6m-4py8-3ydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7 |
|
|
| aliases |
CVE-2024-20759, GHSA-59vf-hjxc-f9c5
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-96hr-sbyj-27dw |
|
| 22 |
| url |
VCID-9gb1-p5qf-3kd2 |
| vulnerability_id |
VCID-9gb1-p5qf-3kd2 |
| summary |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-49558, GHSA-wcmw-8xpp-rwfj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9gb1-p5qf-3kd2 |
|
| 23 |
| url |
VCID-9gbf-swtt-7bhz |
| vulnerability_id |
VCID-9gbf-swtt-7bhz |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24424, GHSA-539v-w87w-w62c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9gbf-swtt-7bhz |
|
| 24 |
| url |
VCID-a6gj-zm14-aqhq |
| vulnerability_id |
VCID-a6gj-zm14-aqhq |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45128, GHSA-qpp7-742q-58j3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a6gj-zm14-aqhq |
|
| 25 |
| url |
VCID-ax9q-y1rb-33b2 |
| vulnerability_id |
VCID-ax9q-y1rb-33b2 |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45124, GHSA-w3p2-pc3h-69wv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ax9q-y1rb-33b2 |
|
| 26 |
| url |
VCID-bfp1-cndf-d7d7 |
| vulnerability_id |
VCID-bfp1-cndf-d7d7 |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45119, GHSA-g9fm-wc6h-pvgj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bfp1-cndf-d7d7 |
|
| 27 |
| url |
VCID-bftg-2sea-57cv |
| vulnerability_id |
VCID-bftg-2sea-57cv |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39419, GHSA-74w7-cr4v-wf2v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bftg-2sea-57cv |
|
| 28 |
| url |
VCID-bvfd-gs5b-dyg7 |
| vulnerability_id |
VCID-bvfd-gs5b-dyg7 |
| summary |
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-27190, GHSA-6wq7-cg9h-mj6q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bvfd-gs5b-dyg7 |
|
| 29 |
| url |
VCID-ctrj-y3d6-a7dv |
| vulnerability_id |
VCID-ctrj-y3d6-a7dv |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24434, GHSA-fppq-f2m6-xv5c
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ctrj-y3d6-a7dv |
|
| 30 |
| url |
VCID-cyy2-3rr3-jkc8 |
| vulnerability_id |
VCID-cyy2-3rr3-jkc8 |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24421, GHSA-v6r2-425c-hfrr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cyy2-3rr3-jkc8 |
|
| 31 |
| url |
VCID-d9zc-rh9p-4bde |
| vulnerability_id |
VCID-d9zc-rh9p-4bde |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24429, GHSA-656q-fx2w-8ccv
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d9zc-rh9p-4bde |
|
| 32 |
| url |
VCID-dktm-v3jw-f7de |
| vulnerability_id |
VCID-dktm-v3jw-f7de |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
| reference_url |
https://helpx.adobe.com/security/products/magento/apsb24-73.html |
| reference_id |
apsb24-73.html |
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T14:01:07Z/ |
|
|
| url |
https://helpx.adobe.com/security/products/magento/apsb24-73.html |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45120, GHSA-47jp-46c9-25vf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dktm-v3jw-f7de |
|
| 33 |
| url |
VCID-dsy7-gm7v-tqc8 |
| vulnerability_id |
VCID-dsy7-gm7v-tqc8 |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39415, GHSA-gj93-84g5-mcjq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dsy7-gm7v-tqc8 |
|
| 34 |
| url |
VCID-dytj-h56v-bke9 |
| vulnerability_id |
VCID-dytj-h56v-bke9 |
| summary |
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24435, GHSA-82p4-55gj-956p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dytj-h56v-bke9 |
|
| 35 |
| url |
VCID-e2t8-b5yy-zkhn |
| vulnerability_id |
VCID-e2t8-b5yy-zkhn |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45135, GHSA-8pxg-gcp4-57ww
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e2t8-b5yy-zkhn |
|
| 36 |
| url |
VCID-e9g4-n5c8-6yf9 |
| vulnerability_id |
VCID-e9g4-n5c8-6yf9 |
| summary |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 5 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 6 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 7 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 8 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 9 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 10 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 11 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 12 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 13 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 14 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 15 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 16 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 17 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 18 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 19 |
| vulnerability |
VCID-96hr-sbyj-27dw |
|
| 20 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 21 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 22 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 23 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 24 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 25 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 26 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 27 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 28 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 29 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 30 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 31 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 32 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 33 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 34 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 35 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 36 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 37 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 38 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 39 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 40 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 41 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 42 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 43 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 44 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 45 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 46 |
| vulnerability |
VCID-jnuu-9mt7-jyd5 |
|
| 47 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 48 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 49 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 50 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 51 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 52 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 53 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 54 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 55 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 56 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 57 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 58 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 59 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 60 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 61 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 62 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 63 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 64 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 65 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 66 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 67 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 68 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 69 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 70 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 71 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 72 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 73 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 74 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 75 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 76 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 77 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 78 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 79 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 80 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 81 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2 |
|
|
| aliases |
CVE-2023-38219, GHSA-3j7w-jp46-9752
|
| risk_score |
3.9 |
| exploitability |
0.5 |
| weighted_severity |
7.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e9g4-n5c8-6yf9 |
|
| 37 |
| url |
VCID-esjc-zzqy-nycf |
| vulnerability_id |
VCID-esjc-zzqy-nycf |
| summary |
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24408, GHSA-3cfg-w257-cgf8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-esjc-zzqy-nycf |
|
| 38 |
| url |
VCID-eusf-bc81-9uhv |
| vulnerability_id |
VCID-eusf-bc81-9uhv |
| summary |
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-54263, GHSA-69x9-xp2j-w8g8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eusf-bc81-9uhv |
|
| 39 |
| url |
VCID-fb5x-afrq-87aj |
| vulnerability_id |
VCID-fb5x-afrq-87aj |
| summary |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 5 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 6 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 7 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 8 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 9 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 10 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 11 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 12 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 13 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 14 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 15 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 16 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 17 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 18 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 19 |
| vulnerability |
VCID-96hr-sbyj-27dw |
|
| 20 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 21 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 22 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 23 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 24 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 25 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 26 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 27 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 28 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 29 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 30 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 31 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 32 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 33 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 34 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 35 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 36 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 37 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 38 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 39 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 40 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 41 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 42 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 43 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 44 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 45 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 46 |
| vulnerability |
VCID-jnuu-9mt7-jyd5 |
|
| 47 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 48 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 49 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 50 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 51 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 52 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 53 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 54 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 55 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 56 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 57 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 58 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 59 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 60 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 61 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 62 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 63 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 64 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 65 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 66 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 67 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 68 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 69 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 70 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 71 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 72 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 73 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 74 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 75 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 76 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 77 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 78 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 79 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 80 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 81 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2 |
|
|
| aliases |
CVE-2023-38251, GHSA-7pfc-834q-h497
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fb5x-afrq-87aj |
|
| 40 |
| url |
VCID-ferd-u8gt-akds |
| vulnerability_id |
VCID-ferd-u8gt-akds |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24406, GHSA-954p-ff72-327w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ferd-u8gt-akds |
|
| 41 |
| url |
VCID-fqkf-67fw-cyb8 |
| vulnerability_id |
VCID-fqkf-67fw-cyb8 |
| summary |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-49559, GHSA-h4f4-gv6h-x824
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkf-67fw-cyb8 |
|
| 42 |
| url |
VCID-gac9-1nnp-67cc |
| vulnerability_id |
VCID-gac9-1nnp-67cc |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24432, GHSA-7jmr-43qj-pw47
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gac9-1nnp-67cc |
|
| 43 |
| url |
VCID-gakd-m2af-z7c2 |
| vulnerability_id |
VCID-gakd-m2af-z7c2 |
| summary |
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
| 2 |
|
|
| aliases |
CVE-2025-49550, GHSA-8hcx-xvww-6c6h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gakd-m2af-z7c2 |
|
| 44 |
| url |
VCID-ggtj-fbzy-87fx |
| vulnerability_id |
VCID-ggtj-fbzy-87fx |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45122, GHSA-46fm-x82m-5f74
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ggtj-fbzy-87fx |
|
| 45 |
| url |
VCID-gx3s-7cxk-pyfc |
| vulnerability_id |
VCID-gx3s-7cxk-pyfc |
| summary |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-49556, GHSA-7hrj-3c9x-xv5h
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gx3s-7cxk-pyfc |
|
| 46 |
| url |
VCID-gxbc-u5mr-f3c9 |
| vulnerability_id |
VCID-gxbc-u5mr-f3c9 |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39403, GHSA-mmp7-8cg4-9wrg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gxbc-u5mr-f3c9 |
|
| 47 |
| url |
VCID-gzga-qjaf-kugh |
| vulnerability_id |
VCID-gzga-qjaf-kugh |
| summary |
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24428, GHSA-mm87-rrqx-94cr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gzga-qjaf-kugh |
|
| 48 |
| url |
VCID-h2ju-dedu-fqad |
| vulnerability_id |
VCID-h2ju-dedu-fqad |
| summary |
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-54265, GHSA-r355-75hw-r8jf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ju-dedu-fqad |
|
| 49 |
| url |
VCID-j9e4-4xta-6qc5 |
| vulnerability_id |
VCID-j9e4-4xta-6qc5 |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39414, GHSA-x6f9-hv9r-fgq4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j9e4-4xta-6qc5 |
|
| 50 |
| url |
VCID-jkrp-j7st-27f3 |
| vulnerability_id |
VCID-jkrp-j7st-27f3 |
| summary |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
5.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
| reference_url |
https://helpx.adobe.com/security/products/magento/apsb23-50.html |
| reference_id |
apsb23-50.html |
| reference_type |
|
| scores |
| 0 |
| value |
8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
|
| 2 |
| value |
5.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:49:35Z/ |
|
|
| url |
https://helpx.adobe.com/security/products/magento/apsb23-50.html |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 5 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 6 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 7 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 8 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 9 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 10 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 11 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 12 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 13 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 14 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 15 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 16 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 17 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 18 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 19 |
| vulnerability |
VCID-96hr-sbyj-27dw |
|
| 20 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 21 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 22 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 23 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 24 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 25 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 26 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 27 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 28 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 29 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 30 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 31 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 32 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 33 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 34 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 35 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 36 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 37 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 38 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 39 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 40 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 41 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 42 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 43 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 44 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 45 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 46 |
| vulnerability |
VCID-jnuu-9mt7-jyd5 |
|
| 47 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 48 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 49 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 50 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 51 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 52 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 53 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 54 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 55 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 56 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 57 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 58 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 59 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 60 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 61 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 62 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 63 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 64 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 65 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 66 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 67 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 68 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 69 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 70 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 71 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 72 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 73 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 74 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 75 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 76 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 77 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 78 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 79 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 80 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 81 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2 |
|
|
| aliases |
CVE-2023-38250, GHSA-h3g9-cwr6-hphx
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jkrp-j7st-27f3 |
|
| 51 |
| url |
VCID-jnuu-9mt7-jyd5 |
| vulnerability_id |
VCID-jnuu-9mt7-jyd5 |
| summary |
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
8.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
| reference_url |
https://helpx.adobe.com/security/products/magento/apsb24-18.html |
| reference_id |
apsb24-18.html |
| reference_type |
|
| scores |
| 0 |
| value |
9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
9.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
|
| 2 |
| value |
8.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-04-11T04:01:06Z/ |
|
|
| url |
https://helpx.adobe.com/security/products/magento/apsb24-18.html |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7 |
| purl |
pkg:composer/magento/community-edition@2.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-158t-bqnb-83d4 |
|
| 2 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 3 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 4 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 5 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 6 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 7 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 8 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 9 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 10 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 11 |
| vulnerability |
VCID-3ydj-usv4-47fq |
|
| 12 |
| vulnerability |
VCID-466x-mpt9-gbgy |
|
| 13 |
| vulnerability |
VCID-4b5p-wqtj-7kbe |
|
| 14 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 15 |
| vulnerability |
VCID-549e-3kmc-cyfw |
|
| 16 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 17 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 18 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 19 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 20 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 21 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 22 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 23 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 24 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 25 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 26 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 27 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 28 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 29 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 30 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 31 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 32 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 33 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 34 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 35 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 36 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 37 |
| vulnerability |
VCID-eban-ja9z-f7ep |
|
| 38 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 39 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 40 |
| vulnerability |
VCID-fb5x-afrq-87aj |
|
| 41 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 42 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 43 |
| vulnerability |
VCID-frhp-vgpt-g7am |
|
| 44 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 45 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 46 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 47 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 48 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 49 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 50 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 51 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 52 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 53 |
| vulnerability |
VCID-jeur-3jww-dqee |
|
| 54 |
| vulnerability |
VCID-jkrp-j7st-27f3 |
|
| 55 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 56 |
| vulnerability |
VCID-kf6b-mshs-23fa |
|
| 57 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 58 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 59 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 60 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 61 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 62 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 63 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 64 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 65 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 66 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 67 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 68 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 69 |
| vulnerability |
VCID-q12a-kwpk-yufv |
|
| 70 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 71 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 72 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 73 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 74 |
| vulnerability |
VCID-qr8w-qwb5-6uag |
|
| 75 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 76 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 77 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 78 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 79 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 80 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 81 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 82 |
| vulnerability |
VCID-u52p-wrjp-quhk |
|
| 83 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 84 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 85 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 86 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 87 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 88 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 89 |
| vulnerability |
VCID-xgk2-yecx-q3ff |
|
| 90 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 91 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 92 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 93 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 94 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
| 95 |
| vulnerability |
VCID-zthr-mpwx-1fef |
|
| 96 |
| vulnerability |
VCID-zv6m-4py8-3ydq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7 |
|
|
| aliases |
CVE-2024-20758, GHSA-wh4m-6rh3-p4rq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jnuu-9mt7-jyd5 |
|
| 52 |
| url |
VCID-jyhf-huep-tya2 |
| vulnerability_id |
VCID-jyhf-huep-tya2 |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39398, GHSA-q628-54wg-4r5q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jyhf-huep-tya2 |
|
| 53 |
| url |
VCID-kfct-k5af-n7fu |
| vulnerability_id |
VCID-kfct-k5af-n7fu |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N |
|
| 1 |
| value |
6.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45116, GHSA-873m-72g6-853g
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kfct-k5af-n7fu |
|
| 54 |
| url |
VCID-kjc9-vrhf-hfav |
| vulnerability_id |
VCID-kjc9-vrhf-hfav |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24427, GHSA-v3hq-g424-5mgg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kjc9-vrhf-hfav |
|
| 55 |
| url |
VCID-ktnj-j4xu-uufs |
| vulnerability_id |
VCID-ktnj-j4xu-uufs |
| summary |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-49555, GHSA-5777-jj7p-mpqw
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ktnj-j4xu-uufs |
|
| 56 |
| url |
VCID-kxjv-xm7r-hkhs |
| vulnerability_id |
VCID-kxjv-xm7r-hkhs |
| summary |
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-27191, GHSA-vhcq-4xrm-2cr2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kxjv-xm7r-hkhs |
|
| 57 |
| url |
VCID-mccb-abc5-9yfs |
| vulnerability_id |
VCID-mccb-abc5-9yfs |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45118, GHSA-cg52-68fv-94qq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mccb-abc5-9yfs |
|
| 58 |
| url |
VCID-ngx2-ewzf-xbd4 |
| vulnerability_id |
VCID-ngx2-ewzf-xbd4 |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L |
|
| 1 |
| value |
6.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45117, GHSA-3fr3-gcqh-3m2g
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ngx2-ewzf-xbd4 |
|
| 59 |
| url |
VCID-ntst-nee5-63d3 |
| vulnerability_id |
VCID-ntst-nee5-63d3 |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24410, GHSA-gjxp-46rq-wg4q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ntst-nee5-63d3 |
|
| 60 |
| url |
VCID-pb4n-m8cv-9bb7 |
| vulnerability_id |
VCID-pb4n-m8cv-9bb7 |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45125, GHSA-xg36-8c2v-jpxh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pb4n-m8cv-9bb7 |
|
| 61 |
| url |
VCID-pcm6-819d-6uhm |
| vulnerability_id |
VCID-pcm6-819d-6uhm |
| summary |
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-54264, GHSA-2768-5wmv-cfff
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pcm6-819d-6uhm |
|
| 62 |
| url |
VCID-pfvk-8q6r-e7c5 |
| vulnerability_id |
VCID-pfvk-8q6r-e7c5 |
| summary |
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain elevated privileges. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24437, GHSA-469f-wf4f-3jjv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pfvk-8q6r-e7c5 |
|
| 63 |
| url |
VCID-psnm-zaza-tuf9 |
| vulnerability_id |
VCID-psnm-zaza-tuf9 |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24414, GHSA-fhw6-3mj5-w9gv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-psnm-zaza-tuf9 |
|
| 64 |
| url |
VCID-pu8a-r3v2-g7h9 |
| vulnerability_id |
VCID-pu8a-r3v2-g7h9 |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24416, GHSA-rjjw-g6hw-7pc9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pu8a-r3v2-g7h9 |
|
| 65 |
| url |
VCID-q12a-kwpk-yufv |
| vulnerability_id |
VCID-q12a-kwpk-yufv |
| summary |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
|
| 1 |
| value |
5.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 5 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 6 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 7 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 8 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 9 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 10 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 11 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 12 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 13 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 14 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 15 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 16 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 17 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 18 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 19 |
| vulnerability |
VCID-96hr-sbyj-27dw |
|
| 20 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 21 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 22 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 23 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 24 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 25 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 26 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 27 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 28 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 29 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 30 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 31 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 32 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 33 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 34 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 35 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 36 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 37 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 38 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 39 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 40 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 41 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 42 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 43 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 44 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 45 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 46 |
| vulnerability |
VCID-jnuu-9mt7-jyd5 |
|
| 47 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 48 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 49 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 50 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 51 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 52 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 53 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 54 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 55 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 56 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 57 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 58 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 59 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 60 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 61 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 62 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 63 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 64 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 65 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 66 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 67 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 68 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 69 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 70 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 71 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 72 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 73 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 74 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 75 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 76 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 77 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 78 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 79 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 80 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 81 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2 |
|
|
| aliases |
CVE-2023-26366, GHSA-8jxc-5f94-22vh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q12a-kwpk-yufv |
|
| 66 |
| url |
VCID-q68u-w433-tqb9 |
| vulnerability_id |
VCID-q68u-w433-tqb9 |
| summary |
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-27192, GHSA-2r94-wm5v-4prx
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q68u-w433-tqb9 |
|
| 67 |
| url |
VCID-qbx1-jqke-v7hf |
| vulnerability_id |
VCID-qbx1-jqke-v7hf |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39402, GHSA-2ff6-837j-hg5x
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qbx1-jqke-v7hf |
|
| 68 |
| url |
VCID-qh9p-8b9r-mufh |
| vulnerability_id |
VCID-qh9p-8b9r-mufh |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24412, GHSA-m4rg-mpp2-97px
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qh9p-8b9r-mufh |
|
| 69 |
| url |
VCID-qnpc-4r4b-3uhx |
| vulnerability_id |
VCID-qnpc-4r4b-3uhx |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39417, GHSA-4xmj-f664-hv98
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qnpc-4r4b-3uhx |
|
| 70 |
| url |
VCID-qr8w-qwb5-6uag |
| vulnerability_id |
VCID-qr8w-qwb5-6uag |
| summary |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
4.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 5 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 6 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 7 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 8 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 9 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 10 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 11 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 12 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 13 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 14 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 15 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 16 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 17 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 18 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 19 |
| vulnerability |
VCID-96hr-sbyj-27dw |
|
| 20 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 21 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 22 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 23 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 24 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 25 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 26 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 27 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 28 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 29 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 30 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 31 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 32 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 33 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 34 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 35 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 36 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 37 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 38 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 39 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 40 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 41 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 42 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 43 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 44 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 45 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 46 |
| vulnerability |
VCID-jnuu-9mt7-jyd5 |
|
| 47 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 48 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 49 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 50 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 51 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 52 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 53 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 54 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 55 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 56 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 57 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 58 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 59 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 60 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 61 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 62 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 63 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 64 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 65 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 66 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 67 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 68 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 69 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 70 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 71 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 72 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 73 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 74 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 75 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 76 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 77 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 78 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 79 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 80 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 81 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2 |
|
|
| aliases |
CVE-2023-26367, GHSA-9mx6-4gg4-85xj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qr8w-qwb5-6uag |
|
| 71 |
| url |
VCID-rm7u-jwat-v7f1 |
| vulnerability_id |
VCID-rm7u-jwat-v7f1 |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24409, GHSA-vw47-79jv-3598
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7u-jwat-v7f1 |
|
| 72 |
| url |
VCID-rw4d-b9yt-mbhz |
| vulnerability_id |
VCID-rw4d-b9yt-mbhz |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
4.8 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45127, GHSA-c89g-gq5r-2xw2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rw4d-b9yt-mbhz |
|
| 73 |
| url |
VCID-s45p-jru3-w3df |
| vulnerability_id |
VCID-s45p-jru3-w3df |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45133, GHSA-j3mh-wx5f-2vhg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s45p-jru3-w3df |
|
| 74 |
| url |
VCID-s7t9-h2jx-9bgr |
| vulnerability_id |
VCID-s7t9-h2jx-9bgr |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39416, GHSA-4xgg-rw35-7mv5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s7t9-h2jx-9bgr |
|
| 75 |
| url |
VCID-t4gd-uv9g-ukh5 |
| vulnerability_id |
VCID-t4gd-uv9g-ukh5 |
| summary |
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24425, GHSA-6ff8-jrfg-43hh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t4gd-uv9g-ukh5 |
|
| 76 |
| url |
VCID-twda-bvut-9bhp |
| vulnerability_id |
VCID-twda-bvut-9bhp |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
2.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45134, GHSA-4f89-5cwm-rm5g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-twda-bvut-9bhp |
|
| 77 |
| url |
VCID-twdq-g82m-nqcp |
| vulnerability_id |
VCID-twdq-g82m-nqcp |
| summary |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-49554, GHSA-xgfm-992v-h2hr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-twdq-g82m-nqcp |
|
| 78 |
| url |
VCID-u9vz-axk1-fqfn |
| vulnerability_id |
VCID-u9vz-axk1-fqfn |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24415, GHSA-gc27-rvvm-q77r
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u9vz-axk1-fqfn |
|
| 79 |
| url |
VCID-vgz6-nvj3-xqft |
| vulnerability_id |
VCID-vgz6-nvj3-xqft |
| summary |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p3 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 5 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 6 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 7 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 8 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 9 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 10 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 11 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 12 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 13 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 14 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 15 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 16 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 17 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 18 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 19 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 20 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 21 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 22 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 23 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 24 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 25 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 26 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 27 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 28 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 29 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 30 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 31 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 32 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 33 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 34 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 35 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 36 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 37 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 38 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 39 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 40 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 41 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 42 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 43 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 44 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p3 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
|
| aliases |
CVE-2024-45131, GHSA-xc5p-773w-m3pm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vgz6-nvj3-xqft |
|
| 80 |
| url |
VCID-vwpg-z9en-6yej |
| vulnerability_id |
VCID-vwpg-z9en-6yej |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39400, GHSA-52fg-wjxm-pp44
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vwpg-z9en-6yej |
|
| 81 |
| url |
VCID-wfdz-b6c4-quhq |
| vulnerability_id |
VCID-wfdz-b6c4-quhq |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39411, GHSA-qm77-mqf3-fmhq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wfdz-b6c4-quhq |
|
| 82 |
| url |
VCID-wxkj-7zgv-x7bc |
| vulnerability_id |
VCID-wxkj-7zgv-x7bc |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24430, GHSA-6w27-c66f-gvhq
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wxkj-7zgv-x7bc |
|
| 83 |
| url |
VCID-xgh4-b9yn-dkh4 |
| vulnerability_id |
VCID-xgh4-b9yn-dkh4 |
| summary |
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
| 2 |
|
|
| aliases |
CVE-2025-27206, GHSA-g2pj-xmxq-3r9q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xgh4-b9yn-dkh4 |
|
| 84 |
| url |
VCID-xjd4-w9bn-mbex |
| vulnerability_id |
VCID-xjd4-w9bn-mbex |
| summary |
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
| 2 |
|
|
| aliases |
CVE-2025-43585, GHSA-r487-9vv5-75gg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xjd4-w9bn-mbex |
|
| 85 |
| url |
VCID-xmby-7b1y-v3cn |
| vulnerability_id |
VCID-xmby-7b1y-v3cn |
| summary |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 5 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 6 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 7 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 8 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 9 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 10 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 11 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 12 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 13 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 14 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 15 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 16 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 17 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 18 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 19 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 20 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 21 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 22 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 23 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 24 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 25 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 26 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 27 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 28 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 29 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 30 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 31 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 32 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 33 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 34 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 35 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 36 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 37 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 38 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 39 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 40 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 41 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 42 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 43 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 44 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 45 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 46 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 47 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 48 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 49 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 50 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 51 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 52 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 53 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 54 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 55 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 56 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 57 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 58 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 59 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 60 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 61 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 62 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 63 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 64 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p2 |
|
|
| aliases |
CVE-2024-39404, GHSA-qrh3-vxjg-h9h6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xmby-7b1y-v3cn |
|
| 86 |
| url |
VCID-xqc4-jf6e-abfg |
| vulnerability_id |
VCID-xqc4-jf6e-abfg |
| summary |
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| purl |
pkg:composer/magento/community-edition@2.4.8-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 1 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 2 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 3 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 4 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 5 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 6 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 7 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 8 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 9 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 10 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 11 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 12 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 13 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 14 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 15 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 16 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 17 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 18 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 19 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 20 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 21 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 22 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 23 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 24 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 25 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 26 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 27 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 28 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 29 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 30 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 31 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 32 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 33 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 34 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 35 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 36 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 37 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 38 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 39 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1 |
|
| 2 |
|
|
| aliases |
CVE-2025-49549, GHSA-85jx-x9r4-45m2
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xqc4-jf6e-abfg |
|
| 87 |
| url |
VCID-z97t-ffda-vfes |
| vulnerability_id |
VCID-z97t-ffda-vfes |
| summary |
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-47110, GHSA-j934-vjh5-vf9r
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z97t-ffda-vfes |
|
| 88 |
| url |
VCID-za87-d5x9-wuby |
| vulnerability_id |
VCID-za87-d5x9-wuby |
| summary |
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-p4 |
| purl |
pkg:composer/magento/community-edition@2.4.7-p4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 1 |
| vulnerability |
VCID-53sd-5nuj-e7d9 |
|
| 2 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 3 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 4 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 5 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 6 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 7 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 8 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 9 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 10 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 11 |
| vulnerability |
VCID-jc6r-vmnc-r3g9 |
|
| 12 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 13 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 14 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 15 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 16 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 17 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 18 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 19 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 20 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4 |
|
| 1 |
|
|
| aliases |
CVE-2025-24413, GHSA-xwgx-8v72-4j5j
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-za87-d5x9-wuby |
|
| 89 |
| url |
VCID-zssu-1dmn-sycb |
| vulnerability_id |
VCID-zssu-1dmn-sycb |
| summary |
|
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
6.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 5 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 6 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 7 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 8 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 9 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 10 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 11 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 12 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 13 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 14 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 15 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 16 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 17 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 18 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 19 |
| vulnerability |
VCID-96hr-sbyj-27dw |
|
| 20 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 21 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 22 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 23 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 24 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 25 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 26 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 27 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 28 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 29 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 30 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 31 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 32 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 33 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 34 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 35 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 36 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 37 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 38 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 39 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 40 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 41 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 42 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 43 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 44 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 45 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 46 |
| vulnerability |
VCID-jnuu-9mt7-jyd5 |
|
| 47 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 48 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 49 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 50 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 51 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 52 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 53 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 54 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 55 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 56 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 57 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 58 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 59 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 60 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 61 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 62 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 63 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 64 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 65 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 66 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 67 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 68 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 69 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 70 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 71 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 72 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 73 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 74 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 75 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 76 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 77 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 78 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 79 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 80 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 81 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2 |
|
|
| aliases |
CVE-2023-38218, GHSA-rpc7-gf58-v3x2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zssu-1dmn-sycb |
|
| 90 |
| url |
VCID-zym7-1cr7-mkaa |
| vulnerability_id |
VCID-zym7-1cr7-mkaa |
| summary |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/magento/magento2 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/magento/magento2 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| purl |
pkg:composer/magento/community-edition@2.4.7-beta2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-141w-faqu-w3ay |
|
| 1 |
| vulnerability |
VCID-16es-u6cy-u3g8 |
|
| 2 |
| vulnerability |
VCID-1mpb-gzr2-53ar |
|
| 3 |
| vulnerability |
VCID-1vq9-br2m-dbby |
|
| 4 |
| vulnerability |
VCID-2t3q-pmg5-qyhn |
|
| 5 |
| vulnerability |
VCID-313z-h2v4-c3fr |
|
| 6 |
| vulnerability |
VCID-368r-um85-k3d2 |
|
| 7 |
| vulnerability |
VCID-3a8p-9krx-23e8 |
|
| 8 |
| vulnerability |
VCID-3s5p-wb18-13ge |
|
| 9 |
| vulnerability |
VCID-3uj4-thpr-cue1 |
|
| 10 |
| vulnerability |
VCID-4nqq-nrne-17a2 |
|
| 11 |
| vulnerability |
VCID-5edy-fp8q-97fp |
|
| 12 |
| vulnerability |
VCID-6d1u-exkw-hbfu |
|
| 13 |
| vulnerability |
VCID-6v47-xgpq-zkgf |
|
| 14 |
| vulnerability |
VCID-78hy-q8kh-kyh7 |
|
| 15 |
| vulnerability |
VCID-7bmk-3ab2-9ba6 |
|
| 16 |
| vulnerability |
VCID-7j68-gund-4qhp |
|
| 17 |
| vulnerability |
VCID-8365-zgh2-w3cc |
|
| 18 |
| vulnerability |
VCID-8gwb-c3ck-37f8 |
|
| 19 |
| vulnerability |
VCID-96hr-sbyj-27dw |
|
| 20 |
| vulnerability |
VCID-9gb1-p5qf-3kd2 |
|
| 21 |
| vulnerability |
VCID-9gbf-swtt-7bhz |
|
| 22 |
| vulnerability |
VCID-a6gj-zm14-aqhq |
|
| 23 |
| vulnerability |
VCID-ax9q-y1rb-33b2 |
|
| 24 |
| vulnerability |
VCID-bfp1-cndf-d7d7 |
|
| 25 |
| vulnerability |
VCID-bftg-2sea-57cv |
|
| 26 |
| vulnerability |
VCID-bvfd-gs5b-dyg7 |
|
| 27 |
| vulnerability |
VCID-ctrj-y3d6-a7dv |
|
| 28 |
| vulnerability |
VCID-cyy2-3rr3-jkc8 |
|
| 29 |
| vulnerability |
VCID-d9zc-rh9p-4bde |
|
| 30 |
| vulnerability |
VCID-dktm-v3jw-f7de |
|
| 31 |
| vulnerability |
VCID-dsy7-gm7v-tqc8 |
|
| 32 |
| vulnerability |
VCID-dytj-h56v-bke9 |
|
| 33 |
| vulnerability |
VCID-e2t8-b5yy-zkhn |
|
| 34 |
| vulnerability |
VCID-esjc-zzqy-nycf |
|
| 35 |
| vulnerability |
VCID-eusf-bc81-9uhv |
|
| 36 |
| vulnerability |
VCID-ferd-u8gt-akds |
|
| 37 |
| vulnerability |
VCID-fqkf-67fw-cyb8 |
|
| 38 |
| vulnerability |
VCID-gac9-1nnp-67cc |
|
| 39 |
| vulnerability |
VCID-gakd-m2af-z7c2 |
|
| 40 |
| vulnerability |
VCID-ggtj-fbzy-87fx |
|
| 41 |
| vulnerability |
VCID-gx3s-7cxk-pyfc |
|
| 42 |
| vulnerability |
VCID-gxbc-u5mr-f3c9 |
|
| 43 |
| vulnerability |
VCID-gzga-qjaf-kugh |
|
| 44 |
| vulnerability |
VCID-h2ju-dedu-fqad |
|
| 45 |
| vulnerability |
VCID-j9e4-4xta-6qc5 |
|
| 46 |
| vulnerability |
VCID-jnuu-9mt7-jyd5 |
|
| 47 |
| vulnerability |
VCID-jyhf-huep-tya2 |
|
| 48 |
| vulnerability |
VCID-kfct-k5af-n7fu |
|
| 49 |
| vulnerability |
VCID-kjc9-vrhf-hfav |
|
| 50 |
| vulnerability |
VCID-ktnj-j4xu-uufs |
|
| 51 |
| vulnerability |
VCID-kxjv-xm7r-hkhs |
|
| 52 |
| vulnerability |
VCID-mccb-abc5-9yfs |
|
| 53 |
| vulnerability |
VCID-ngx2-ewzf-xbd4 |
|
| 54 |
| vulnerability |
VCID-ntst-nee5-63d3 |
|
| 55 |
| vulnerability |
VCID-pb4n-m8cv-9bb7 |
|
| 56 |
| vulnerability |
VCID-pcm6-819d-6uhm |
|
| 57 |
| vulnerability |
VCID-pfvk-8q6r-e7c5 |
|
| 58 |
| vulnerability |
VCID-psnm-zaza-tuf9 |
|
| 59 |
| vulnerability |
VCID-pu8a-r3v2-g7h9 |
|
| 60 |
| vulnerability |
VCID-q68u-w433-tqb9 |
|
| 61 |
| vulnerability |
VCID-qbx1-jqke-v7hf |
|
| 62 |
| vulnerability |
VCID-qh9p-8b9r-mufh |
|
| 63 |
| vulnerability |
VCID-qnpc-4r4b-3uhx |
|
| 64 |
| vulnerability |
VCID-rm7u-jwat-v7f1 |
|
| 65 |
| vulnerability |
VCID-rw4d-b9yt-mbhz |
|
| 66 |
| vulnerability |
VCID-s45p-jru3-w3df |
|
| 67 |
| vulnerability |
VCID-s7t9-h2jx-9bgr |
|
| 68 |
| vulnerability |
VCID-t4gd-uv9g-ukh5 |
|
| 69 |
| vulnerability |
VCID-twda-bvut-9bhp |
|
| 70 |
| vulnerability |
VCID-twdq-g82m-nqcp |
|
| 71 |
| vulnerability |
VCID-u9vz-axk1-fqfn |
|
| 72 |
| vulnerability |
VCID-vgz6-nvj3-xqft |
|
| 73 |
| vulnerability |
VCID-vwpg-z9en-6yej |
|
| 74 |
| vulnerability |
VCID-wfdz-b6c4-quhq |
|
| 75 |
| vulnerability |
VCID-wxkj-7zgv-x7bc |
|
| 76 |
| vulnerability |
VCID-xgh4-b9yn-dkh4 |
|
| 77 |
| vulnerability |
VCID-xjd4-w9bn-mbex |
|
| 78 |
| vulnerability |
VCID-xmby-7b1y-v3cn |
|
| 79 |
| vulnerability |
VCID-xqc4-jf6e-abfg |
|
| 80 |
| vulnerability |
VCID-z97t-ffda-vfes |
|
| 81 |
| vulnerability |
VCID-za87-d5x9-wuby |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta2 |
|
|
| aliases |
CVE-2023-38220, GHSA-grc6-r6f8-xj7c
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zym7-1cr7-mkaa |
|