CVE-2021-36026
Magento Commerce stored cross-site scripting (XSS) in the customer address upload feature affects Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier), and 2.3.7 (and earlier). The vulnerability allows an attacker to inject malicious JavaScript into vulnerable form fields, which ...