Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.

Remediation

References

CVE-2021-21030

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-3239)

WordPress Plugin Include Me Remote Code Execution (1.2.1)

MediaWiki remote code execution

Squid Improper Input Validation Vulnerability (CVE-2010-0308)

MySQL CVE-2018-3170 Vulnerability (CVE-2018-3170)

Severity

High

Classification

CVE-2021-21030 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities