2 matches found
CVE-2021-36020
Magento Commerce versions 2.4.2 and earlier (including 2.4.2-p1 and 2.3.7 and earlier) are affected by an XML Injection vulnerability in the City field that allows unauthenticated remote code execution. The issue is triggered by a specially crafted input and can compromise the server. Public refe...
CVE-2021-36020 Magento Commerce XML Injection Vulnerability In The 'City' Field Could Lead To Remote Code Execution
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution...