Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-36023

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

Published

2023-09-06T14:15:08.950

Last Modified

2024-11-21T06:12:58.380

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	magento	magento	< 2.3.7	Yes
Application	magento	magento	< 2.3.7	Yes
Application	magento	magento	< 2.4.2	Yes
Application	magento	magento	< 2.4.2	Yes
Application	magento	magento	2.3.7	Yes
Application	magento	magento	2.3.7	Yes
Application	magento	magento	2.4.2	Yes
Application	magento	magento	2.4.2	Yes
Application	magento	magento	2.4.2	Yes
Application	magento	magento	2.4.2	Yes

References

https://helpx.adobe.com/security/products/magento/apsb21-64.html Vendor Advisory ([email protected])
https://helpx.adobe.com/security/products/magento/apsb21-64.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)