Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.

Remediation

References

CVE-2021-21023

Related Vulnerabilities

YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4111)

WordPress Plugin CigiCigi Post Guest Cross-Site Scripting (1.0.5)

Oracle JRE CVE-2013-2435 Vulnerability (CVE-2013-2435)

Moodle Other Vulnerability (CVE-2015-3175)

WordPress Plugin Easy Coming Soon Cross-Site Scripting (1.6.2)

Severity

Medium

Classification

CVE-2021-21023 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities