Description
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. Exploitation of this issue does not require user interaction.
Remediation
References
Related Vulnerabilities
WordPress Plugin MediaPress Security Bypass (1.1.9)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12167)
WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (4.3.20)
WordPress Plugin Migration, Backup, Staging-WPvivid Cross-Site Scripting (0.9.55)