WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21023)

Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.

Remediation

References

Related Vulnerabilities

Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)

MySQL CVE-2013-1532 Vulnerability (CVE-2013-1532)

Oracle Database Server CVE-2023-22071 Vulnerability (CVE-2023-22071)

MySQL Other Vulnerability (CVE-2010-3840)

WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)

Severity

Medium

Classification

CVE-2021-21023 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities