{"url":"http://public2.vulnerablecode.io/api/packages/150785?format=json","purl":"pkg:composer/magento/product-community-edition@2.1.18","type":"composer","namespace":"magento","name":"product-community-edition","version":"2.1.18","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.2.9","latest_non_vulnerable_version":"2.3.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111797?format=json","vulnerability_id":"VCID-aqaj-qs9w-jkdd","summary":"Magento 2 Community Edition RCE Vulnerability\nA remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7876","reference_id":"","reference_type":"","scores":[{"value":"0.00841","scoring_system":"epss","scoring_elements":"0.75121","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00841","scoring_system":"epss","scoring_elements":"0.7513","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00841","scoring_system":"epss","scoring_elements":"0.75103","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00841","scoring_system":"epss","scoring_elements":"0.75125","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00841","scoring_system":"epss","scoring_elements":"0.75092","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00841","scoring_system":"epss","scoring_elements":"0.75117","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7876"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7876.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7876.yaml"},{"reference_url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7876","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7876"},{"reference_url":"https://web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"},{"reference_url":"https://github.com/advisories/GHSA-6qh6-v99h-vh4c","reference_id":"GHSA-6qh6-v99h-vh4c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qh6-v99h-vh4c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150785?format=json","purl":"pkg:composer/magento/product-community-edition@2.1.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/150786?format=json","purl":"pkg:composer/magento/product-community-edition@2.2.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/150787?format=json","purl":"pkg:composer/magento/product-community-edition@2.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.3.2"}],"aliases":["CVE-2019-7876","GHSA-6qh6-v99h-vh4c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqaj-qs9w-jkdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111377?format=json","vulnerability_id":"VCID-ne2q-15ey-pbca","summary":"Magento 2 Community Edition XSS Vulnerability\nA stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7938","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25895","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25791","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25785","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25842","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25887","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7938"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-7938.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-7938.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-7938.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-7938.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7938.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7938.yaml"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7938","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7938"},{"reference_url":"https://web.archive.org/web/20220121051916/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220121051916/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"},{"reference_url":"https://github.com/advisories/GHSA-mgfr-44wv-hqv6","reference_id":"GHSA-mgfr-44wv-hqv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mgfr-44wv-hqv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150785?format=json","purl":"pkg:composer/magento/product-community-edition@2.1.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/150786?format=json","purl":"pkg:composer/magento/product-community-edition@2.2.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/150787?format=json","purl":"pkg:composer/magento/product-community-edition@2.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.3.2"}],"aliases":["CVE-2019-7938","GHSA-mgfr-44wv-hqv6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ne2q-15ey-pbca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111024?format=json","vulnerability_id":"VCID-tme1-k9t9-2qbb","summary":"Magento 2 Community Edition CSRF Vulnerability\nA cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7865","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18799","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18771","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18753","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18832","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18873","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7865"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7865.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7865.yaml"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7865","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7865"},{"reference_url":"https://web.archive.org/web/20220121011306/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220121011306/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"},{"reference_url":"https://github.com/advisories/GHSA-wmrg-w9vg-7jqx","reference_id":"GHSA-wmrg-w9vg-7jqx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wmrg-w9vg-7jqx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150785?format=json","purl":"pkg:composer/magento/product-community-edition@2.1.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/150786?format=json","purl":"pkg:composer/magento/product-community-edition@2.2.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/150787?format=json","purl":"pkg:composer/magento/product-community-edition@2.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.3.2"}],"aliases":["CVE-2019-7865","GHSA-wmrg-w9vg-7jqx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tme1-k9t9-2qbb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/product-community-edition@2.1.18"}