Описание
Magento stored cross-site scripting (XSS) in the customer address upload feature
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.
Пакеты
magento/community-edition
< 2.3.6
2.3.6
magento/community-edition
>= 2.4.0, < 2.4.1-p1
2.4.1-p1
magento/project-community-edition
<= 2.0.2
Отсутствует
Связанные уязвимости
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.
Уязвимость программной платформы для разработки и управления онлайн магазинами Magento Commerce, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код