Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.

Remediation

References

CVE-2021-21029

Related Vulnerabilities

WordPress Plugin Donation Block For PayPal Unspecified Vulnerability (1.0.0)

WordPress Plugin Count per Day 'month' Parameter SQL Injection (2.17)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0272)

MySQL CVE-2020-14812 Vulnerability (CVE-2020-14812)

WordPress Plugin Essential Real Estate Cross-Site Scripting (1.7.1)

Severity

Medium

Classification

CVE-2021-21029 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities