cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-8232,https://securityvulnerability.io/vulnerability/CVE-2019-8232,,"In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file modification.",Adobe,Magento 1 & 2,6.6,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2019-11-06T00:15:00.000Z,0
CVE-2019-8230,https://securityvulnerability.io/vulnerability/CVE-2019-8230,,"In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.",Adobe,Magento 1,7.2,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2019-11-06T00:15:00.000Z,0
CVE-2019-8231,https://securityvulnerability.io/vulnerability/CVE-2019-8231,,"In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.",Adobe,Magento 1,7.2,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2019-11-06T00:15:00.000Z,0
CVE-2019-8155,https://securityvulnerability.io/vulnerability/CVE-2019-8155,,Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.,Adobe,Magento 1,7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2019-11-06T00:15:00.000Z,0
CVE-2019-8152,https://securityvulnerability.io/vulnerability/CVE-2019-8152,,"A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard.",Adobe,Magento 1 & 2,5.4,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-11-06T00:15:00.000Z,0
CVE-2019-8228,https://securityvulnerability.io/vulnerability/CVE-2019-8228,,"in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.",Adobe,Magento 1,4.8,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2019-11-06T00:15:00.000Z,0
CVE-2019-8229,https://securityvulnerability.io/vulnerability/CVE-2019-8229,,"In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.",Adobe,Magento 1,7.2,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2019-11-06T00:15:00.000Z,0
CVE-2019-8227,https://securityvulnerability.io/vulnerability/CVE-2019-8227,,"In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.",Adobe,Magento 1,4.8,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2019-11-06T00:00:16.000Z,0
CVE-2019-8125,https://securityvulnerability.io/vulnerability/CVE-2019-8125,,A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.,Adobe,Magento 1,7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2019-11-05T22:51:21.000Z,0
CVE-2019-8123,https://securityvulnerability.io/vulnerability/CVE-2019-8123,,"An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.",Adobe,Magento 1& 2,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2019-11-05T22:50:57.000Z,0
CVE-2019-8114,https://securityvulnerability.io/vulnerability/CVE-2019-8114,,"A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload.",Adobe,Magento 1 & 2,7.2,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2019-11-05T22:24:13.000Z,0
CVE-2019-8091,https://securityvulnerability.io/vulnerability/CVE-2019-8091,,A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.,Adobe,Magento 1,7.2,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2019-11-05T22:08:55.000Z,0