CVE-2021-21023

Cross-site Scripting in packagist/magento/community-edition

Identifiers

CVE-2021-21023

Package Slug

packagist/magento/community-edition

Vulnerability

Cross-site Scripting

Description

Magento is vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.

Affected Versions

All versions before 2.3.6, all versions starting from 2.4.0 up to 2.4.1

Solution

Upgrade to versions 2.3.6, 2.4.1-p1 or above.

Last Modified

2021-02-18

source