CVE-2021-36022 Magento Commerce Widgets Update Layout XML Injection Vulnerability Could Lead To Remote Code Execution

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

CVE-2021-36022

Magento Commerce is affected by an XML Injection vulnerability in the Widgets Update Layout across versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier). The underlying issue allows an attacker with admin privileges to trigger a crafted script that achieves remote code exe...