Description
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2019-2753 Vulnerability (CVE-2019-2753)
WordPress Plugin Spicy Blogroll Local File Include (1.0.0)
WordPress Plugin SendGrid Security Bypass (1.11.8)
WordPress Plugin ZX_CSV Upload Multiple Vulnerabilities (1)
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Cross-Site Scripting (5.0.6)