CVE-2021-36023

CVSS V2 None CVSS V3 None
Description
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.
Overview
  • CVE ID
  • CVE-2021-36023
  • Assigner
  • adobe
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-09-06T13:08:08.922Z
  • Last Modified Date
  • 2023-09-06T13:08:08.922Z
References
Reference URL Reference Tags
https://helpx.adobe.com/security/products/magento/apsb21-64.html vendor-advisory
History
Created Old Value New Value Data Type Notes
2024-06-24 16:30:23 Added to TrackCVE