{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T10:02:06.265","vulnerabilities":[{"cve":{"id":"CVE-2019-8155","sourceIdentifier":"psirt@adobe.com","published":"2019-11-06T00:15:12.763","lastModified":"2024-11-21T04:49:23.277","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions."},{"lang":"es","value":"Magento versiones anteriores a la versión 1.9.4.3 y versiones anterior a 1.14.4.3, incluía el token de CSRF de un usuario en la URL de una petición GET. Esto podría ser explotado por parte de un atacante con acceso al tráfico de red para realizar acciones no autorizadas."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","versionStartIncluding":"1.5.0.0","versionEndExcluding":"1.9.4.3","matchCriteriaId":"D463F1B6-7A1A-45A6-A2B4-654FAFD0E231"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*","versionStartIncluding":"1.9.0.0","versionEndExcluding":"1.14.4.3","matchCriteriaId":"795C485A-D4B2-4B67-9766-D00BC6BE7FA1"}]}]}],"references":[{"url":"https://magento.com/security/patches/supee-11219","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"https://magento.com/security/patches/supee-11219","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}