CVE-2021-21030

State: PUBLISHED · Published: 2021-02-11 · Updated: 2024-09-16 · Assigner: adobe

Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.

CWE

CWE-79 — Cross-site Scripting (Stored XSS) (CWE-79)

Affected

Adobe / Magento Commerce — v=unspecified ≤2.4.1 [affected]; v=unspecified ≤2.4.0-p1 [affected]; v=unspecified ≤2.3.6 [affected]; v=unspecified ≤None [affected]

CVSS

3.0 score=8.1 severity=HIGH CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References

https://helpx.adobe.com/security/products/magento/apsb21-08.html x_refsource_MISC

Source

cvelistV5-main/cves/2021/21xxx/CVE-2021-21030.json