CVE-2021-21030

Cross-site Scripting in packagist/magento/community-edition

Identifiers

CVE-2021-21030

Package Slug

packagist/magento/community-edition

Vulnerability

Cross-site Scripting

Description

Magento is vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.

Affected Versions

All versions before 2.3.6, all versions starting from 2.4.0 up to 2.4.1

Solution

Upgrade to versions 2.3.6, 2.4.1-p1 or above.

Last Modified

2021-02-18

source