Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.

Remediation

References

CVE-2021-21030

Related Vulnerabilities

MySQL CVE-2015-4800 Vulnerability (CVE-2015-4800)

MySQL CVE-2021-2072 Vulnerability (CVE-2021-2072)

WordPress Plugin WP Source Control Directory Traversal (3.0.0)

CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130)

WordPress Plugin Docket Cache-Object Cache Accelerator Cross-Site Scripting (21.08.01)

Severity

High

Classification

CVE-2021-21030 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities