Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8142) CVE-2019-8142 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8145) CVE-2019-8145 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8146) CVE-2019-8146 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8147) CVE-2019-8147 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8148) CVE-2019-8148 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8152) CVE-2019-8152 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8153) CVE-2019-8153 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8157) CVE-2019-8157 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8227) CVE-2019-8227 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8228) CVE-2019-8228 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8233) CVE-2019-8233 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-3715) CVE-2020-3715 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-3758) CVE-2020-3758 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9577) CVE-2020-9577 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9581) CVE-2020-9581 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9584) CVE-2020-9584 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9665) CVE-2020-9665 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9691) CVE-2020-9691 CWE-707 CWE-707 Critical Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24408) CVE-2020-24408 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21023) CVE-2021-21023 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21029) CVE-2021-21029 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21030) CVE-2021-21030 CWE-707 CWE-707 High Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-28556) CVE-2021-28556 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34257) CVE-2022-34257 CWE-707 CWE-707 Medium Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34258) CVE-2022-34258 CWE-707 CWE-707 Medium Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-4010) CVE-2016-4010 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-7889) CVE-2019-7889 CWE-138 CWE-138 Medium Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-8135) CVE-2019-8135 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-8159) CVE-2019-8159 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9576) CVE-2020-9576 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9578) CVE-2020-9578 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9582) CVE-2020-9582 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9583) CVE-2020-9583 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21015) CVE-2021-21015 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21016) CVE-2021-21016 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21018) CVE-2021-21018 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-36023) CVE-2021-36023 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-1397) CVE-2015-1397 CWE-138 CWE-138 Medium Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-7139) CVE-2019-7139 CWE-138 CWE-138 Critical Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8127) CVE-2019-8127 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8130) CVE-2019-8130 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8134) CVE-2019-8134 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8143) CVE-2019-8143 CWE-138 CWE-138 Medium Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-3719) CVE-2020-3719 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-24400) CVE-2020-24400 CWE-138 CWE-138 High Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-21024) CVE-2021-21024 CWE-138 CWE-138 Critical Magento Improper Privilege Management Vulnerability (CVE-2020-9630) CVE-2020-9630 CWE-269 CWE-269 Critical Magento Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2019-8126) CVE-2019-8126 CWE-776 CWE-776 Medium Magento Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2019-8154) CVE-2019-8154 CWE-829 CWE-829 High Magento Incorrect Authorization Vulnerability (CVE-2020-9587) CVE-2020-9587 CWE-863 CWE-863 High Magento Incorrect Authorization Vulnerability (CVE-2020-9692) CVE-2020-9692 CWE-863 CWE-863 Medium Magento Incorrect Authorization Vulnerability (CVE-2020-24401) CVE-2020-24401 CWE-863 CWE-863 Medium Magento Incorrect Authorization Vulnerability (CVE-2021-28567) CVE-2021-28567 CWE-863 CWE-863 Medium Magento Incorrect Authorization Vulnerability (CVE-2022-34255) CVE-2022-34255 CWE-863 CWE-863 High Magento Incorrect Authorization Vulnerability (CVE-2022-34256) CVE-2022-34256 CWE-863 CWE-863 Critical Magento Insufficient Session Expiration Vulnerability (CVE-2019-8149) CVE-2019-8149 CWE-613 CWE-613 Critical Magento Insufficient Session Expiration Vulnerability (CVE-2021-21031) CVE-2021-21031 CWE-613 CWE-613 Medium Magento Insufficient Session Expiration Vulnerability (CVE-2021-21032) CVE-2021-21032 CWE-613 CWE-613 Medium Magento Insufficient Verification of Data Authenticity Vulnerability (CVE-2019-8112) CVE-2019-8112 CWE-345 CWE-345 High Magento Insufficient Verification of Data Authenticity Vulnerability (CVE-2019-8124) CVE-2019-8124 CWE-345 CWE-345 High Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-9588) CVE-2020-9588 High Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-9690) CVE-2020-9690 Medium Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-15151) CVE-2020-15151 High Magento Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3458) CVE-2015-3458 CWE-264 CWE-264 Medium Magento remote code execution CVE-2015-1397 CVE-2015-1398 CVE-2015-1399 CWE-94 CWE-94 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7892) CVE-2019-7892 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7911) CVE-2019-7911 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7913) CVE-2019-7913 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7923) CVE-2019-7923 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8151) CVE-2019-8151 CWE-918 CWE-918 High Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8156) CVE-2019-8156 CWE-918 CWE-918 High Magento Session Fixation Vulnerability (CVE-2019-7849) CVE-2019-7849 CWE-384 CWE-384 High Magento Session Fixation Vulnerability (CVE-2019-8116) CVE-2019-8116 CWE-384 CWE-384 High Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7861) CVE-2019-7861 CWE-434 CWE-434 High Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7912) CVE-2019-7912 CWE-434 CWE-434 High 1...66676869...293 67 / 293
