2 matches found
CVE-2021-36023
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...
CVE-2021-36023
CVE-2021-36023 affects Magento Commerce: Widgets Update Layout XML Injection in versions 2.4.2 (and older), 2.4.2-p1 (and older), and 2.3.7 (and older). An attacker with admin privileges can trigger a crafted script to achieve remote code execution. The underlying issue is an XML Injection in the...