CVE-2021-21023 – magento/project-community-edition
Package
Manager: composer
Name: magento/project-community-edition
Vulnerable Version: >=0 <=2.0.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.02821 (percentile 0.85615)
Details
Magento stored cross-site scripting vulnerability in the admin console
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.
Metadata
Created: 2022-05-24T17:41:56Z
Modified: 2025-02-10T20:55:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h5rm-m772-6qcx/GHSA-h5rm-m772-6qcx.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-h5rm-m772-6qcx
Finding: F425
Auto approve: 1